MAL-2026-4783

Malicious code in @iola_adm/iola-cli (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6e28a7ca88c4000d6efee1c0e324c8f28bebf03ef988e2ac3aa437857f34ee08)

src/cli.js contains a hardcoded endpoint https://apiiola.yasg.ru referenced multiple times (lines 1, 2, 198) and invoked via fetch() at line 256, in code paths that read process.env. The destination domain is a non-descriptive third-party host on the .ru TLD with no relationship to the package's apparent identity (@iola_adm/iola-cli) or any documented publisher infrastructure. The combination of a hardcoded foreign C2-shaped destination, fetch() calls into it, and process.env reads in the same file matches the active-attack/exfiltration shape: any installer who runs the CLI will have environment data shipped to an attacker-controlled endpoint.

Affected packages

npm / @iola_adm/iola-cli

No fixed version published yet for @iola_adm/iola-cli (npm). Pin to a known-safe version or switch to an alternative.
