VDB
EN

MAL-2026-10201

Malicious code in bugexploit (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (745f81b0c53fa121939d4f71680783860795a394eb30308f6e7e2dcf29401c92) package.json declares a `postinstall` script that runs `node index.js`. On `npm install`, index.js collects the installer's username (os.userInfo()), hostname (os.hostname()), and current working directory (process.cwd()), then POSTs them as JSON via https.request to the hardcoded endpoint https://webhook.site/cd23dfb8-a0fc-4ff7-818c-f7812fcb4bec. The transmission is unconditional and fires automatically on default install. The destination is a generic webhook-capture service unrelated to any declared package purpose, and the collected fields are host identifiers useful for victim triage / beacon confirmation.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / bugexploit

No fixed version published yet for bugexploit (npm). Pin to a known-safe version or switch to an alternative.

참고