MAL-2026-5969
Malicious code in cryptodao-sdk (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6)

cryptodao-sdk@99.99.99 ships a postinstall script (recon.js) that runs automatically on `npm install` and harvests installer-side secrets. The script enumerates a hardcoded list of credential-bearing environment variables (including AWS_SECRET_ACCESS_KEY, NPM_TOKEN, CI_JOB_TOKEN, GitLab tokens, database passwords, PRIVATE_KEY, MNEMONIC, RPC URLs, Docker credentials), reads .env files from common application paths, and lists CI build directories. The collected data, along with host metadata (hostname, platform, user, cwd), is POSTed over HTTPS to two attacker-controlled endpoints — webhook.site/d6d18927-... and enqoojbegdvxj.x.pipedream.net — with TLS verification explicitly disabled (rejectUnauthorized:false). A copy is also written to /tmp/.npm_recon_<ts>.json. The package.json sets version 99.99.99 (a classic dependency-confusion override to outrank private internal packages of the same name), the description claims it is an internal CryptoDAO module, and recon.js self-identifies in a comment as a 'CryptoDAO Dependency Confusion Reconnaissance Payload'. The combination of dep-confusion namespace abuse with install-time credential exfiltration is an unambiguous supply-chain attack.
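A defensive pre-install audit for the indicators this source describes (lifecycle hook, implausible version, credential env-var reads, TLS bypass, public relay host), added here as an example and not part of the advisory. The package.json and script excerpt are constructed, and the regex lists are illustrative assumptions rather than a complete ruleset.

```python
import re

# Constructed sample inputs for this example (not the real cryptodao-sdk files):
# the dependency-confusion version, a postinstall hook, and a script excerpt
# with a credential read, a public relay host and the TLS bypass.
SAMPLE_PKG = {"name": "cryptodao-sdk", "version": "99.99.99",
              "scripts": {"postinstall": "node recon.js"}}
SAMPLE_SCRIPTS = {"recon.js": (
    "const t = process.env.NPM_TOKEN;\n"
    "https.request({host: 'example.x.pipedream.net', rejectUnauthorized: false});")}

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
# Illustrative indicators taken from the advisory text; a real ruleset would be broader.
SECRET_ENV_RE = re.compile(
    r"process\.env\.(AWS_SECRET_ACCESS_KEY|NPM_TOKEN|CI_JOB_TOKEN|PRIVATE_KEY|MNEMONIC)")
TLS_OFF_RE = re.compile(r"rejectUnauthorized\s*:\s*false")
RELAY_HOST_RE = re.compile(r"webhook\.site|pipedream\.net")
SUSPICIOUS_MAJOR = 90  # 99.99.99 exists only to outrank any private version


def audit_package(pkg: dict, scripts: dict) -> list:
    """Return findings for one unpacked package (package.json + hook script sources)."""
    findings = []
    version = str(pkg.get("version", "0"))
    major = version.split(".")[0]
    if major.isdigit() and int(major) >= SUSPICIOUS_MAJOR:
        findings.append(f"implausible version {version} (dependency-confusion pattern)")
    for hook in LIFECYCLE_HOOKS:
        cmd = pkg.get("scripts", {}).get(hook)
        if not cmd:
            continue
        findings.append(f"{hook} hook runs: {cmd}")
        # Only inspect script files that the hook command actually references.
        for path, src in scripts.items():
            if path not in cmd:
                continue
            if SECRET_ENV_RE.search(src):
                findings.append(f"{path} reads credential environment variables")
            if TLS_OFF_RE.search(src):
                findings.append(f"{path} disables TLS certificate verification")
            if RELAY_HOST_RE.search(src):
                findings.append(f"{path} contacts a public webhook relay host")
    return findings


if __name__ == "__main__":
    for finding in audit_package(SAMPLE_PKG, SAMPLE_SCRIPTS):
        print("FINDING:", finding)
```

Run it against the unpacked tarball of a dependency before the install scripts execute (for example with `npm install --ignore-scripts` first), and treat any finding as a reason to block the install and review the package by hand.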
## Source: ossf-package-analysis (2fd0b9ae70fe8613fefca34d371faf77a9c69e36f8756c3da390d16f486a40e9)

The OpenSSF Package Analysis project identified 'cryptodao-sdk' @ 99.99.99 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
Affected packages
No fixed version published yet for cryptodao-sdk (npm). Pin to a known-safe version or switch to an alternative.