VDB
KO

MAL-2026-10615

Malicious code in smb-common-uikit (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (66072ca2fc20c19a01d0a2b888d90632a7d9bfdc34a2d1a71b61ad06975eae5c) package.json declares a preinstall hook that runs index.js. On npm install, index.js collects host reconnaissance from the installer (os.hostname(), os.userInfo(), os.platform(), os.arch(), homedir, uid/gid, shell, plus the output of `whoami`, `id`, and cwd via child_process) and POSTs the resulting JSON to the hardcoded URL https://rmh3j781pdp9ysnwutndo1ftjkpbd31s.oastify.com/detox56. oastify.com is a Burp Suite Collaborator out-of-band interaction domain, and the unique random subdomain plus install-time host beacon is the canonical dependency-confusion / reconnaissance exfiltration shape.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / smb-common-uikit

No fixed version published yet for smb-common-uikit (npm). Pin to a known-safe version or switch to an alternative.

References