MAL-2026-5529

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (a591698b95bbe1180b694b6aac6d31e658b4fd1e0ba9941f7a9714e223a0ab79) v018-axios-cdntest@1.0.2 impersonates axios v0.18.0 (the bundle header reads `/* axios v0.18.0 | (c) 2018 by Matt Zabriskie */` and the package.json description self-identifies as 'Axios library v0.18.0 with cryptojacker payload'). The main entry index.js is the legitimate axios bundle with an appended IIFE that reads `document.cookie` and exfiltrates it via `XMLHttpRequest` GET to `https://webhook.site/ef6e7978-f936-4664-b3ff-296a250e1735?c=<cookie>` whenever the bundle is loaded in a browser. The sibling xmr-min.js is a self-described 'Stealth Cryptojacker v3.0' that spawns Web Workers (using `eval` on postMessage data), mines Monero against a hardcoded wallet via `pool.supportxmr.com:4444`, and dynamically injects an additional `<script>` from `https://cdn.jsdelivr.net/npm/v018-axios-cdntest@1.0.2/index.js`. Any application that bundles this package and ships it to end users will leak end-user cookies to the attacker's webhook and silently mine cryptocurrency in visitors' browsers.