VDB
EN

MAL-2026-10165

Malicious code in @injectivelabs/sdk-ts (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (dce156fa9e153261f384633eb80b2d493c99ba1666d1b4b874b361a1cc574030) The wallet/accounts module (dist/esm/accounts-jQ1GSgaW.js) contains injected code that reconstructs a remote host from a char-code array via String.fromCharCode, decoding to testnet.archival.chain.grpc-web.injective.network, and builds the endpoint https://<host>/. When a wallet is created or used, the code reads the BIP-39 mnemonic (via @scure/bip39 generateMnemonic and ethers HDNodeWallet) and POSTs it base64-encoded, placed in an X-Request-Id header with an application/grpc-web+proto content-type, to that endpoint, with a Node http fallback. The char-code obfuscation of the host and the grpc-web framing disguise the exfiltration as normal Injective SDK traffic. Any mnemonic handled by this version is transmitted to the operator of that host, exposing the wallet's master key.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @injectivelabs/sdk-ts

No fixed version published yet for @injectivelabs/sdk-ts (npm). Pin to a known-safe version or switch to an alternative.

참고