MAL-2026-10632
Malicious code in cppt-common (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (484688d5963a9246f4fe7a2b5c1c7ebe6bba135a2a5df66b3ab57f44978407b2) cppt-common@13.1.1 declares a preinstall hook ("preinstall": "node index.js") that runs automatically on npm install. index.js collects host and user identifiers — os.hostname(), os.userInfo(), the output of `whoami` and `id` via child_process.exec, platform/arch/memory, cwd, homedir, and shell — and POSTs the collected JSON to a hardcoded endpoint at https://mj9yg25wm8m4vnkrrok8lwcogfm6awyl.oastify.com/detox56. The oastify.com host is a Burp Collaborator out-of-band callback domain used for exfiltration. The package has empty description and author fields and provides no advertised functionality; its only install-time effect is the reconnaissance beacon.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for cppt-common (npm). Pin to a known-safe version or switch to an alternative.