mal-2026-6691
Vulnerability from ossf_malicious_packages
Published
2026-06-30 00:00
Modified
2026-07-01 21:06
Summary
Malicious code in polymarket-clob-maths (npm)
Details

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession() function that runs a second-stage infostealer. The payload harvests cryptocurrency wallet vaults, browser credentials, SSH keys, AWS credentials, developer secrets, and password manager databases, then exfiltrates the data to the attacker-controlled C2.


-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9e5747b377bb17f8131b894ccdae41919423fb3c8a77d286084bcfaf9654e4ac)

On npm install, the declared postinstall hook (node scripts/install-check.cjs) fetches a JSON config from https://trabalhos-flax.vercel.app/config/clob-math.json, parses a bundle URL from the response, downloads a tgz to a temp directory, extracts it, runs npm install inside the extracted directory, then require()s peer-math.js from that bundle and invokes syncSession(). The fetched archive is unpinned, has no integrity check (no hash, no signature), and is hosted on a third-party Vercel app unrelated to Polymarket. The attacker fully controls the executed code on each install, and can change it at any time without republishing the npm package. The package additionally impersonates the Polymarket / @polymarket CLOB ecosystem: the published name is polymarket-clob-maths while the README is titled polymarket-stake-math and instructs users to npm install polymarket-stake-math, indicating namespace confusion against the legitimate Polymarket tooling. Cover-story naming (PSM_PEER_URL, KELLY_PEER_CONFIG, log strings calling the operation an install check / peer sync) and silenced errors (console.warn('[polymarket-stake-math] install check skipped:', msg)) hide the dropper behavior from a casual installer.
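The record above pins the affected package name, a SEMVER range introduced at "0" (every version), and the SRI hash of the published tarball. The following is an added example, not code from the advisory or from Amazon Inspector, showing how a defender can read such a record to flag matching entries in a package-lock.json and to compare a locally held tarball against the listed integrity hash; the lockfile fragment and tarball bytes are constructed for the example.

```python
# Added example, not part of the advisory: triage helpers that read an OSV
# malicious-package record (trimmed from MAL-2026-6691 above) and check a project's
# lockfile and a downloaded tarball against it. All sample data is constructed.
import base64
import hashlib
import json
OSV_RECORD = json.loads("""
{"id": "MAL-2026-6691", "affected": [{"package": {"ecosystem": "npm", "name": "polymarket-clob-maths"},
  "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}], "versions": ["3.3.9", "2.3.9"],
  "database_specific": {"indicators": {"package_integrity": [{"filename": "polymarket-clob-maths-3.3.9.tgz",
    "hashes": {"sha512_sri": "sha512-2r4jpAM871TzVxWKLZCTslvYp93rjQ9YDIYCmtCT/Is4Ulk035CJR3veBdv1tGtwHiUC2DtLigTsdbQAONDS5A=="}}]}}}]}
""")

# Constructed package-lock.json (v3) fragment; npm sets hasInstallScript when a
# package declares preinstall/install/postinstall scripts.
LOCKFILE = json.loads("""
{"packages": {"node_modules/left-pad": {"version": "1.3.0"},
  "node_modules/polymarket-clob-maths": {"version": "3.3.9", "hasInstallScript": true}}}
""")

def range_covers_all(affected):
    """True when a SEMVER range is introduced at '0' with no 'fixed' event,
    meaning every published version is affected, as in this record."""
    for r in affected.get("ranges", []):
        ev = r.get("events", [])
        if (r.get("type") == "SEMVER" and any(e.get("introduced") == "0" for e in ev)
                and not any("fixed" in e for e in ev)):
            return True
    return False
def find_affected(record, lock):
    """(path, version, has_install_script) for lockfile entries the record covers."""
    hits = []
    for aff in record["affected"]:
        name = aff["package"]["name"]
        for path, meta in lock.get("packages", {}).items():
            ver = meta.get("version")
            if path.endswith("node_modules/" + name) and (
                    range_covers_all(aff) or ver in aff.get("versions", [])):
                hits.append((path, ver, bool(meta.get("hasInstallScript"))))
    return hits
def sri_sha512(data):
    """npm-style Subresource Integrity string (sha512-<base64>) for tarball bytes."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()
def tarball_matches_record(record, filename, data):
    """True when a local tarball's SRI equals the one the advisory lists for it."""
    for aff in record["affected"]:
        for pi in aff.get("database_specific", {}).get("indicators", {}).get("package_integrity", []):
            if pi["filename"] == filename and pi["hashes"].get("sha512_sri") == sri_sha512(data):
                return True
    return False
```

A hit with has_install_script set is the case to treat as an incident rather than a dependency bump, since the record describes the install hook itself as the dropper entry point.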

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.
Credits

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          },
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          },
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "scripts/install-check.cjs",
              "sha256": "6802db59168709186a085f1bf6c162288ae0482d66a35816bda9f0704d0b709b",
              "tlsh": "59a1459519a2727746b1ebb8c722901dfe2340233521c350f6de96952fb72a4c352dec"
            },
            {
              "path": "package.json",
              "sha256": "6c66f29924a4968ae15f898d5b4ef4245302f64a9179593429a69283c8e8473d",
              "tlsh": "d9f07237daa04e3668b88f9d4e681604f4680b1f32b04d0bb0bba01c0fb2273045b73a"
            }
          ],
          "package_integrity": [
            {
              "filename": "polymarket-clob-maths-3.3.9.tgz",
              "hashes": {
                "sha1": "89f890724fd26e1c8fad6f582188530d1b5c05fd",
                "sha512_sri": "sha512-2r4jpAM871TzVxWKLZCTslvYp93rjQ9YDIYCmtCT/Is4Ulk035CJR3veBdv1tGtwHiUC2DtLigTsdbQAONDS5A=="
              }
            }
          ]
        },
        "iocs": {
          "domains": [
            "trabalhos-flax.vercel.app"
          ]
        }
      },
      "package": {
        "ecosystem": "npm",
        "name": "polymarket-clob-maths"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": [
        "3.3.9",
        "2.3.9"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "inspector-research@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    },
    {
      "contact": [
        "https://safedep.io"
      ],
      "name": "SafeDep",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-007887",
        "import_time": "2026-07-01T21:04:20.144159826Z",
        "modified_time": "2026-07-01T20:37:40Z",
        "sha256": "233e641c7fca2c1ff2f63a05777ad23c3fbd13c3a14071569ddc95368794862d",
        "source": "amazon-inspector",
        "versions": [
          "3.3.9"
        ]
      },
      {
        "id": "IN-MAL-2026-007888",
        "import_time": "2026-07-01T21:04:20.210934065Z",
        "modified_time": "2026-07-01T20:37:48Z",
        "sha256": "9e5747b377bb17f8131b894ccdae41919423fb3c8a77d286084bcfaf9654e4ac",
        "source": "amazon-inspector",
        "versions": [
          "2.3.9"
        ]
      }
    ]
  },
  "details": "Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. `polymarket-clob-maths` uses a dropper technique: a `postinstall` hook fetches a remote bundle from `trabalhos-flax.vercel.app` and executes a `syncSession()` function that runs a second-stage infostealer. The payload harvests cryptocurrency wallet vaults, browser credentials, SSH keys, AWS credentials, developer secrets, and password manager databases, then exfiltrates the data to the attacker-controlled C2.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (9e5747b377bb17f8131b894ccdae41919423fb3c8a77d286084bcfaf9654e4ac)\nOn npm install, the declared postinstall hook (node scripts/install-check.cjs) fetches a JSON config from https://trabalhos-flax.vercel.app/config/clob-math.json, parses a bundle URL from the response, downloads a tgz to a temp directory, extracts it, runs `npm install` inside the extracted directory, then require()s peer-math.js from that bundle and invokes syncSession(). The fetched archive is unpinned, has no integrity check (no hash, no signature), and is hosted on a third-party Vercel app unrelated to Polymarket. The attacker fully controls the executed code on each install, and can change it at any time without republishing the npm package. The package additionally impersonates the Polymarket / @polymarket CLOB ecosystem: the published name is `polymarket-clob-maths` while the README is titled `polymarket-stake-math` and instructs users to `npm install polymarket-stake-math`, indicating namespace confusion against the legitimate Polymarket tooling. Cover-story naming (PSM_PEER_URL, KELLY_PEER_CONFIG, log strings calling the operation an `install check` / `peer sync`) and silenced errors (`console.warn(\u0027[polymarket-stake-math] install check skipped:\u0027, msg)`) hide the dropper behavior from a casual installer.\n",
  "id": "MAL-2026-6691",
  "modified": "2026-07-01T21:06:11Z",
  "published": "2026-06-30T00:00:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://safedep.io/defi-infostealer-fake-arbitrage-bot-npm/"
    },
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/polymarket-clob-maths/v/3.3.9"
    },
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/polymarket-clob-maths/v/2.3.9"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in polymarket-clob-maths (npm)"
}

