MAL-2026-10605
Malicious code in @radivi-ui/react-dialog (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (b5e92ae03eb6adb090fb832665431984cccef31039bb920e3850535f4defe610) @radivi-ui/react-dialog is a typosquat of @radix-ui/react-dialog whose main entry (index.js) is a self-executing IIFE that runs `whoami` and `hostname` via `child_process.execSync` when the package is loaded via require/import. The command outputs are hex-encoded and exfiltrated to the hardcoded Burp Collaborator subdomain `vih2vewj1xxwlsd8dkgjqugtyk4bs1gq.oastify.com` via both DNS resolution (dns.resolve of a crafted subdomain) and HTTP GET (http.get). The behavior fires unconditionally on module load with no user opt-in, no CLI gate, and no relation to any dialog/UI functionality the package name implies.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for @radivi-ui/react-dialog (npm). Pin to a known-safe version or switch to an alternative.