VDB
EN

MAL-2026-10625

Malicious code in @leviosa86com/leviosa86-test (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979) Package @leviosa86com/leviosa86-test@5.999.0 ships src/poc/index.js which shells out via child_process.exec to collect host identifiers (hostname, pwd, whoami) and the installer's public IP (curl https://ifconfig.me), then concatenates the collected data into a subdomain label and triggers a DNS lookup (nslookup) against a unique subdomain of oast.site (a d9bd62bu6g119svvav70o3p9tymtrxkoj.oast.site Interactsh out-of-band interaction server), exfiltrating host recon over DNS to an attacker-controlled OAST endpoint. package.json declares `preinstall: node index.js`; a root index.js is not present in the tarball, so the default install may no-op, but the shipped src/poc/index.js payload is unambiguous exfiltration recon and the package name/version shape (`@leviosa86com/leviosa86-test@5.999.0`, a very high version) matches a namespace-squat / dependency-confusion attempt targeting a private @leviosa86com scope.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @leviosa86com/leviosa86-test

No fixed version published yet for @leviosa86com/leviosa86-test (npm). Pin to a known-safe version or switch to an alternative.

참고