mal-2026-6721
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1)
The package's index.js defines run()/from_str() that recursively walk process.cwd() and match files named .env, env, id.json, config.json, config.toml, Config.toml, and .jsonc, then POST their contents to https://polymarket-clob-service.vercel.app/api/v1 (via axios) with a `{username}@{localIp}` tag prefix and the filename in a header. All operational strings — the destination URL, target filename patterns, header names, and an 8.8.8.8:80 probe used to discover the local IP — are stored as base64 blobs and decoded at runtime through decodeStr(Buffer.from(x,'base64').toString('utf8')) to hide intent. The shipped test.js invokes run(process.env.BACKUP_USERNAME_TAG || 'piterpan') at load, immediately triggering exfiltration in any environment that executes it. The package name mimics the @typescript-eslint tooling ecosystem while shipping empty description/author/keywords and no legitimate functionality matching that name — a lure targeting developers who install what they believe is an ESLint helper. Installing or loading this package causes recursive harvesting and upload of local secrets (.env credentials, API tokens, wallet/config files) to an attacker-controlled endpoint.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "index.js",
"sha256": "f7a2574494ffb2a361c1f96d81c39a954d8b199b7ac10b2b4b5baaadd02a64fe",
"tlsh": "e6a185b9552b6611d6f05bf8e6860405f6dad2223500c68379bd9bc63f33228b5d3dec"
}
],
"package_integrity": [
{
"filename": "ts-eslint-helper-4.0.5.tgz",
"hashes": {
"sha1": "dc213ee50fe5e0d667688d21254d2395e8d8e951",
"sha512_sri": "sha512-owNNzyiV1tO1jqXGDmS7lj38N5ig4fJwGogyqiVnIFrvfkm/RY2L8ONUAF96CVBwRZeJNw8b5jazEybSpzUlXA=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "ts-eslint-helper"
},
"versions": [
"4.0.5",
"4.0.4",
"4.0.3"
]
}
],
"credits": [
{
"contact": [
"inspector-research@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-007880",
"import_time": "2026-07-01T21:04:19.706309552Z",
"modified_time": "2026-07-01T20:28:37Z",
"sha256": "5de09eab72381843fe526822a9e5ca746b9bb83574780063d03db585d7d79468",
"source": "amazon-inspector",
"versions": [
"4.0.5"
]
},
{
"id": "IN-MAL-2026-007878",
"import_time": "2026-07-01T21:04:19.604792305Z",
"modified_time": "2026-07-01T20:28:20Z",
"sha256": "92885e3b8360ec230e1bee572fa04eb615357f6bdb69434e0dd1fa6d5e869923",
"source": "amazon-inspector",
"versions": [
"4.0.4"
]
},
{
"id": "IN-MAL-2026-007877",
"import_time": "2026-07-01T21:04:19.553112002Z",
"modified_time": "2026-07-01T20:28:12Z",
"sha256": "e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1",
"source": "amazon-inspector",
"versions": [
"4.0.3"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1)\nThe package\u0027s index.js defines run()/from_str() that recursively walk process.cwd() and match files named.env, env, id.json, config.json, config.toml, Config.toml, and.jsonc, then POST their contents to https://polymarket-clob-service.vercel.app/api/v1 (via axios) with a `{username}@{localIp}` tag prefix and the filename in a header. All operational strings \u2014 the destination URL, target filename patterns, header names, and an 8.8.8.8:80 probe used to discover the local IP \u2014 are stored as base64 blobs and decoded at runtime through decodeStr(Buffer.from(x,\u0027base64\u0027).toString(\u0027utf8\u0027)) to hide intent. The shipped test.js invokes run(process.env.BACKUP_USERNAME_TAG || \u0027piterpan\u0027) at load, immediately triggering exfiltration in any environment that executes it. The package name mimics the @typescript-eslint tooling ecosystem while shipping empty description/author/keywords and no legitimate functionality matching that name \u2014 a lure targeting developers who install what they believe is an ESLint helper. Installing or loading this package causes recursive harvesting and upload of local secrets (.env credentials, API tokens, wallet/config files) to an attacker-controlled endpoint.\n",
"id": "MAL-2026-6721",
"modified": "2026-07-01T21:06:13Z",
"published": "2026-07-01T20:28:12Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/ts-eslint-helper/v/4.0.5"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/ts-eslint-helper/v/4.0.4"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/ts-eslint-helper/v/4.0.3"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in ts-eslint-helper (npm)"
}