MAL-2026-10093
Malicious code in @andrewstory18/is-real-odd (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (0a6faaf0fbf39ed9ec8797c97cb8b2486be8b84eb46bfeabc3412a3eeded4aa1) @andrewstory18/is-real-odd impersonates the widely-used is-odd package by copying its README, author, and repository metadata verbatim, but ships an additional obfuscated payload (index.min.js) wired into package.json as a postinstall script. The payload uses an _0x string-array dispatcher to hide its behavior; once deobfuscated, it issues an http.request POST to the hardcoded bare IP 144.172.91.84 on port 3000 at path /hello. This fires automatically on npm install, establishing an attacker-controlled callback from any installer machine and enabling tracking of successful infections and staging of follow-on payloads. The destination is unrelated to the legitimate is-odd publisher (jonschlinkert) and is not a registry, CDN, or known SDK endpoint.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for @andrewstory18/is-real-odd (npm). Pin to a known-safe version or switch to an alternative.