MAL-2026-6990
Malicious code in ai-gen-ai-opt-in (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (a34dae027378ca986d5e99aa7c9ffc5efe590e4697e1255970ce713f6d309e74) ai-gen-ai-opt-in@99.0.0 declares a postinstall hook (postinstall.js) that runs automatically on npm install. The script collects the installer's hostname (os.hostname()), OS username (os.userInfo().username), and public IP/geo/ISP data (fetched from ip-api.com over HTTPS), then encodes those values and issues a DNS lookup for a subdomain of an attacker-controlled Burp Collaborator-style callback host (p1r2d74iwjk057raam6myf7e258wzkt8i.oastify.com). This is a covert out-of-band DNS exfiltration channel that leaks installer identity and location data to a third party on every install, with no legitimate documented purpose.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for ai-gen-ai-opt-in (npm). Pin to a known-safe version or switch to an alternative.