MAL-2026-10599
Malicious code in @public-for-cdao/abi (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (102277e30b4f56dba5ebfb6a6a0ba076163907bfd28b2055b7fe6870261071f6) The package installs a postinstall script (recon.js) that runs automatically on npm install. The script enumerates a hardcoded list of installer environment variables (including AWS_SECRET_ACCESS_KEY, CI_JOB_TOKEN, NPM_TOKEN, MNEMONIC, private-key and database-password names), scans multiple.env file paths for lines matching KEY/SECRET/TOKEN/PASS/MNEMONIC patterns, and collects host identifiers (hostname, platform, arch, username, cwd) plus directory listings under /builds/, /home/gitlab-runner/builds/, /tmp/, and /var/lib/gitlab-runner/. The collected JSON payload is written to /tmp/.npm_recon_<ts>.json and POSTed via https.request to two attacker-controlled endpoints: webhook.site and enqoojbegdvxj.x.pipedream.net. The package name `@public-for-cdao/abi` with a 99.99.99 version and an index.js that returns `{name:'@cdao/abi'}` targets a private `@cdao/abi` scope via dependency confusion; a code comment labels the file 'CryptoDAO Dependency Confusion Reconnaissance Payload'.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for @public-for-cdao/abi (npm). Pin to a known-safe version or switch to an alternative.