MAL-2026-6473

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (226e4e81049c5688a16a198fb9a90ab3d11d371b621e367da4590632f4e5e140) Package presents itself as a minimal React color-picker but ships a postinstall hook (`"postinstall": "node setup.js"`) that performs targeted credential theft and code-injection staging on `npm install`. setup.js reads classic installer secrets — `/var/run/secrets/kubernetes.io/serviceaccount/token` (Kubernetes service-account token granting cluster API access), the AWS Instance Metadata Service at `http://169.254.169.254/latest/meta-data/` (cloud instance credentials), `/etc/passwd`, `/etc/resolv.conf`, `/etc/hosts`, the full `process.env`, and runs `id` / `uname -a` plus a recursive listing of `/app`. The harvested data is wrapped as `export default "...";` and written to multiple attacker-chosen paths including `/app/sandbox-data/workspace/frontend/_rce.ts`, `../frontend/_rce.ts`, and `/tmp/rce.json`. The `_rce.ts` filename and the targeting of adjacent frontend workspace directories are designed to land the file inside AI coding-agent / sandbox workspaces that auto-import files from the workspace tree, converting the postinstall into arbitrary code execution in the next agent run while also exfiltrating the secrets to whatever process consumes the file. The advertised color-picker API in index.js (ColorPicker, hexToHsl, hslToHex) is functional but exists solely as cover; a color-picker library has no need to read kubernetes tokens, IMDS, or /etc/passwd at install. The log message 'generating default theme cache' printed by setup.js is deliberately misleading.