VDB
EN

MAL-2026-10212

Malicious code in vuln-package (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (a8bd105bf3b12062f312b41f2a1eead5e8481f8d3749fc78bc79ed8675c11394) On npm install, the package's preinstall script triggers a DNS lookup to a unique subdomain of oast.fun (fabekzbnjtufpffkzzmvjvi5eafhny3ok.oast.fun), an out-of-band interaction service, confirming code execution on the installer's machine to a third-party collector. A sibling file indexCopy.js collects host identifiers (os.userInfo().username, os.hostname(), process.cwd(), and process.env references) and issues an https.request POST to a hardcoded webhook.site endpoint (https://webhook.site/cde465c1-3853-40ea-880c-fdca6fe508cc). The combination of an OOB DNS beacon at install time and a staged HTTPS exfiltration payload targeting installer host identifiers is characteristic of a supply-chain reconnaissance/exfiltration attack rather than any legitimate package behavior.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / vuln-package

No fixed version published yet for vuln-package (npm). Pin to a known-safe version or switch to an alternative.

참고