MAL-2026-10636
Malicious code in leviosa86-test (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (46b0bed6337ffe527af2615fed8ae1ecbb449f6a6cb00afa6381f7811ec88956) leviosa86-test@4.999.0 ships src/poc/index.js which uses child_process.exec to run a shell pipeline that collects host reconnaissance data (hostname, current working directory, whoami, a package identifier) and the public egress IP fetched from https://ifconfig.me, concatenates the values, and exfiltrates them via nslookup as a subdomain label of d9bd62bu6g119svvav70o3p9tymtrxkoj.oast.site — an Interactsh (project-discovery) out-of-band callback domain. The generic package name combined with the anomalous 4.999.0 version bump is the canonical dependency-confusion research/attack shape, where a high version number is published to a public registry to override a private internal package and cause the recon payload to fire in the victim's build.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for leviosa86-test (npm). Pin to a known-safe version or switch to an alternative.