VDB
EN

MAL-2026-10714

Malicious code in @hibachi-xyz/sdk (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (54956c91d0cedbe9097a2a8f7fa864382bd3b5a91ba7ccbe4a0219081be711f9) index.js (the package main) executes at require-time and performs credential and host exfiltration. It iterates process.env and filters keys matching a broad credential regex (KEY, SECRET, TOKEN, PASS, PRIV, SIGN, AWS, CIRCLE, GITHUB, DB, RDS, SENTRY, PYPI, NPM, DOCKER, KUBE, TUNNEL, CF_, etc.), collects hostname and username, and runs `whoami && id && cat /proc/1/cgroup` via child_process.execSync to fingerprint the user/container/CI runner. The collected data is POSTed to https://jorijo.xyz:8443/t with TLS certificate verification disabled (rejectUnauthorized:false). The version number (99.0.0) and scoped name are consistent with a typosquat/impersonation of an @hibachi-xyz SDK.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @hibachi-xyz/sdk

No fixed version published yet for @hibachi-xyz/sdk (npm). Pin to a known-safe version or switch to an alternative.

참고