VDB
EN

MAL-2026-10620

Malicious code in ahooks-3.7.8 (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (c6816bbe8dc3e7d033a03452f7c1e8f873b97c158165faa863694ee13eb6dd61) Package published as `ahooks-3.7.8` at version `13.1.1` with empty author/description/license impersonates the legitimate `ahooks` React hooks library. `package.json` declares a `preinstall` hook that runs `node index.js`, which collects the installer's hostname, platform, architecture, username/uid/gid/shell, home directory, current working directory, and the output of `whoami` and `id`, and POSTs the JSON to the hardcoded Burp Collaborator subdomain `https://q7y246t0aca8jr8vfs8c900s4jaay1mq.oastify.com/detox56`. The script auto-executes on `npm install` without any user interaction.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / ahooks-3.7.8

No fixed version published yet for ahooks-3.7.8 (npm). Pin to a known-safe version or switch to an alternative.

참고