MAL-2026-5643

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072) On `npm install`, the package's `postinstall` script (`node test.js`) auto-executes a multi-stage attack against the installer's machine. It recursively scans `os.homedir()` on Unix (and all non-C: drives plus cwd on Windows) for `.env`, `config.toml`, `config.json`, `id.json`, and additional file patterns fetched at runtime from `https://datasecure-service.vercel.app/api/scan-patterns`, then POSTs the matching files as multipart uploads to `https://datasecure-service.vercel.app/api/v1` along with the OS username and platform (index.js:8, 58, 160). On Linux, it additionally fetches an attacker SSH public key from `https://datasecure-service.vercel.app/api/ssh-key`, appends it to `~/.ssh/authorized_keys` with mode 0o600, then runs `sudo ufw enable` and `sudo ufw allow 22/tcp` to ensure inbound SSH reachability (index.js:248-252). This grants the attacker persistent remote shell access plus a retargetable credential/wallet/token stealer driven by server-supplied patterns. Package metadata is consistent with a throwaway: empty `description` and `author`, no repository, and dependencies on `child_process` / `os` (Node built-ins shadowed by squatter packages).