MAL-2026-10455
Malicious code in @origindev/ethaccount (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (21a07b9029fb9a0c16ec0d934edab2123c43d1999489d510c3bbabc5a0f1d5e7) @origindev/ethaccount@1.0.0 ships a single heavily obfuscated index.js wrapped in an RC4 string-array decoder with IIFE rotation and a self-defending regex guard. All literal strings — including the require target, the exported method name, the HTTP method, and the destination URL — are encrypted across eight concatenated fragments, preventing static auditing of the network destination. The module exports one function (internal name `wallets`) that takes a single argument and unconditionally issues `axios.<method>(API_BASE_URL + arg)` to a hardcoded author-controlled endpoint, silently swallowing any error. Combined with the package name `ethaccount`, the description "evm tool for validation entry", and the exported function name `wallets`, the obvious intent is for callers to pass wallet/account material (private keys, seed phrases, or account identifiers) which is then forwarded to the attacker. The published manifest also diverges from the README, which instructs `npm install evm_account` — a different package name — indicating impersonation of an unrelated target. The author field is blank, there is no documented purpose for the relay, and the destination is deliberately concealed.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for @origindev/ethaccount (npm). Pin to a known-safe version or switch to an alternative.