—

MAL-2026-4823

Malicious code in msc-terminal (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (eec05fa3df0248b788635026129e1ca42d37887fe05235f20f2e9ad6f0ad6f27) Cross-platform infostealer/RAT. postinstall installs obfuscated payload.js as 'MicrosoftSystem64' persistence (schtasks/launchctl/systemd). Keylogger w/ password-field detection, 27-wallet drainer, browser+SSH cred exfil, HuggingFace as covert C2.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / msc-terminal

No fixed version published yet for msc-terminal (npm). Pin to a known-safe version or switch to an alternative.

References

https://www.npmjs.com/package/msc-terminal/v/3.2.0 [PACKAGE]