
MAL-2026-6569

Malicious code in longzy-basic-ui (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (90336f7ef2177c75d9cf4a1872fe94504a382dfd1907e7617e0e06642f2dae67)

On `npm install`, the package's postinstall hook executes `.prepare.cjs`, which collects the installer's hostname, username, platform, Node version, non-internal network interfaces, npm registry, and a complete dump of `process.env` (every key except those prefixed `npm_lifecycle`), then HTTPS-POSTs the payload as a Lark/Feishu bot message to a hardcoded webhook on `open.larksuite.com`. The destination hostname is stored reversed and char-shifted by 7, and the webhook path is XOR-decoded with the key `Zk9x` at runtime, so neither the host nor the path appears as a plain string in the source.

Before sending, the script runs sandbox/honeypot evasion checks whose marker strings are themselves decoded from char codes at runtime: it looks for AWS example credentials and honeypot tokens (`PYPI_POISON_HONEY_TOKEN`, `PP_ARTIFACT_SHA256`, `THREAT_ANALYZER_MODEL`, `ASPECT_TLOG`), sandbox environment-variable prefixes (`SANDYCLAW_`, `OPENCLAW_`, `PERMISO_`, `CHAINRADAR_`), hostnames matching the regex `detonat|cuckoo|virus|scan|chainradar`, and usernames such as `sandbox` and `malware`, and it stays silent when any of them match.

The package's declared `homepage` and `repository.url` point at an RFC 1918 internal address (`http://192.168.100.4:9088/app/lzy-basic-module.git`), which is inconsistent with publishing to the public npm registry, and the stated purpose ("Support WoPet ui") is unrelated to the postinstall beacon. The combination of an obfuscated author-controlled destination, full `process.env` exfiltration, and explicit sandbox evasion is unambiguous credential-theft malware.


Affected packages

npm / longzy-basic-ui
Introduced in: 0 (every published version is affected)

No fixed version has been published for longzy-basic-ui (npm), and because the malicious postinstall hook is present from the first version there is no known-safe version to pin to: remove the dependency or switch to an alternative. Any host that ran `npm install` with this package in its dependency tree has had its full environment sent to the attacker, so treat every secret that was in that environment (registry tokens, cloud credentials, CI secrets) as compromised and rotate it.
