VDB
EN

MAL-2026-10400

Malicious code in @equansservices/tool (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (7bb693b5ae7f1fccb6c2aaa1a5f9225b23fb7ece3928feca604f2c5139ee5198) The package's postinstall hook (`node setup.js`) fetches a platform-specific payload from `http://d2vf4rs175cy2k.cloudfront.net/install/v1/plugin.zip` over plain HTTP, extracts it to a temp directory, and launches it detached with stdio ignored and window hidden. On Windows the extracted `aws.exe` is executed; on Linux `python3 upgrade.py` is run. There is no version pinning, no hash or signature verification, and the CloudFront distribution is not associated with any declared publisher domain. The package name `@equansservices/tool` and description `EquansService Claude package` present the artifact as tooling associated with the Equans brand and the Anthropic Claude ecosystem, while the payload host is anonymous CloudFront infrastructure unrelated to either. Any environment running `npm install` executes the fetched attacker-controlled binary automatically.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @equansservices/tool

No fixed version published yet for @equansservices/tool (npm). Pin to a known-safe version or switch to an alternative.

참고