MAL-2026-6757
Malicious code in vps-maintenance-paperclip-adapter (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3) package.json declares a postinstall lifecycle script that runs an inline `node -e` payload opening a TCP socket to 185.112.147.174:7007 and piping it bidirectionally to a spawned `/bin/sh` process. On `npm install`, this immediately grants the operator of that hardcoded endpoint an interactive shell on the installer's host with the installing user's privileges, enabling arbitrary command execution, credential theft, and persistence. The package's stated 'VPS maintenance adapter' purpose does not require any outbound shell connection; the reverse-shell code path is unambiguous backdoor / install-time RCE.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for vps-maintenance-paperclip-adapter (npm). Pin to a known-safe version or switch to an alternative.