VDB
EN

MAL-2026-10080

Malicious code in webrix-docs (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (bec06de7c68db5cdd90e4b05be057a583f1a2318174916af07ed86d52a5011fc) package.json declares `preinstall: node index.js`, which runs automatically on `npm install`. index.js collects host reconnaissance data — os.hostname(), os.userInfo() (username, uid, gid, homedir), process.platform, cwd, and the output of `whoami`/`id` spawned via child_process — and POSTs it as JSON to the hardcoded URL https://c7kfuaf25guwigaz6r03kxet0k6bu3is.oastify.com/detox56 (a Burp Collaborator / oastify.com out-of-band interaction subdomain). The package has an empty description and author, no library code, and a name that mimics the legitimate `webrix` UI library — consistent with a typosquat/dependency-confusion lure whose only purpose is the install-time beacon.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / webrix-docs

No fixed version published yet for webrix-docs (npm). Pin to a known-safe version or switch to an alternative.

참고