VDB
EN

MAL-2026-10616

Malicious code in smb-portal-uikit (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (395b88ae26544dcfdfca9d46294e1f0558c2e5bade88bac0eb0797d1140debbe) Package smb-portal-uikit@18.1.1 declares a preinstall lifecycle hook that runs `node index.js`. On `npm install`, index.js invokes child_process.exec on `whoami` and `id`, reads os.hostname(), os.userInfo(), process.platform, and process.cwd(), and POSTs the collected host reconnaissance to a hardcoded attacker-controlled endpoint at https://a2dmzqok5w5seb3fac3w4kvcz35utohd.oastify.com (an oastify.com subdomain, a Burp Collaborator out-of-band interaction host commonly used as an exfiltration/beacon sink). The package ships no legitimate UI-toolkit functionality consistent with its name; the entire install-time behavior is reconnaissance and exfiltration.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / smb-portal-uikit

No fixed version published yet for smb-portal-uikit (npm). Pin to a known-safe version or switch to an alternative.

참고