MAL-2026-10509
Malicious code in test_adminet (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (e1971734ce6221624b53d3647a5881c1fe0bc7f8ae4d383a5ff2a9f5080da57c) The package's package.json declares a preinstall hook that runs index.js. On npm install, index.js uses child_process.exec to curl-POST installer identifiers ($(whoami), $(hostname), id output) together with the contents of /etc/passwd, /etc/hosts, and /etc/shadow (base64-encoded and stuffed into the User-Agent header) to a hardcoded webhook.site endpoint. The /etc/shadow read attempts to harvest local password hashes; if the install runs as root (common in CI/Docker), hashes are transmitted off-host. Behavior fires automatically on default npm install with no user interaction.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for test_adminet (npm). Pin to a known-safe version or switch to an alternative.