MAL-2026-6256

@withgoogle/stitch-sdk is a scope-squatting package on npm that impersonates Google's Stitch AI design tool SDK. The attacker registered the @withgoogle scope to mimic Google's withgoogle.com domain and published versions 0.1.1 and 0.1.2 under the account maximus-mcmillan on June 19, 2026. The package runs a credential harvester from a preinstall hook (scripts/preinstall.js) and an identical CLI binary (bin/cli.js). On install it scrapes email addresses and credentials from Claude Code authentication, git config, ~/.git-credentials, ~/.ssh/*.pub, the GitHub CLI, ~/.npmrc, and ~/.docker/config.json, then exfiltrates them to https://stitch-production.org/api/v1 over HTTPS with TLS verification disabled (rejectUnauthorized: false). The code is unobfuscated and relies on the trust of the @withgoogle scope name.