—

MAL-2026-5653

Malicious code in pc-optimizer (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f046d16052b9121c55f2fd5e6eb2be90ce24e7b007efca3c2a9e7f64dab8f6bf) The package's collect.js imports child_process, fs, http, https, and os, reads host identifiers via os.hostname() and os.homedir(), inspects local filesystem paths via fs.existsSync, and POSTs collected data to a hardcoded external endpoint at http://aab.sportsontheweb.net. The destination is not a registry, vendor SDK host, or documented service — it is an unrelated third-party domain bound to a POST in install/load-reachable code. The combination of system enumeration (hostname, homedir, child_process), filesystem inspection, and a hardcoded non-publisher exfiltration endpoint is the canonical host-information stealer fingerprint and provides direct attacker benefit (host fingerprinting + arbitrary collected data shipped off-host).

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / pc-optimizer

No fixed version published yet for pc-optimizer (npm). Pin to a known-safe version or switch to an alternative.

References

https://www.npmjs.com/package/pc-optimizer/v/1.0.1 [PACKAGE]
https://www.npmjs.com/package/pc-optimizer/v/1.0.2 [PACKAGE]
https://www.npmjs.com/package/pc-optimizer/v/1.0.9 [PACKAGE]