{"id":"MAL-2026-10078","summary":"Malicious code in vybscan-testbed-inert-postinstall (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f4e6f35e49b7701bb75a88eb63fcf918c389272d5282093c8422d9e1f388dd38)\npackage.json declares a postinstall lifecycle script that runs `id` and reads the process environment, piping the collected host identity and environment variables to a remote endpoint via curl. This fires automatically on `npm install` without user interaction, causing the installer's environment variables (which routinely contain credentials, tokens, and API keys) and user/host identity to be transmitted off-host to an attacker-controlled destination.\n","modified":"2026-07-09T16:32:04.491077488Z","published":"2026-07-09T15:44:47Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-07-09T16:20:51.765755146Z","modified_time":"2026-07-09T15:44:47Z","sha256":"f4e6f35e49b7701bb75a88eb63fcf918c389272d5282093c8422d9e1f388dd38","source":"amazon-inspector","versions":["1.0.0"],"id":"IN-MAL-2026-009213"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/vybscan-testbed-inert-postinstall/v/1.0.0"}],"affected":[{"package":{"name":"vybscan-testbed-inert-postinstall","ecosystem":"npm","purl":"pkg:npm/vybscan-testbed-inert-postinstall"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vybscan-testbed-inert-postinstall/MAL-2026-10078.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"hashes":{"sha512_sri":"sha512-KKDDc/9TrBUyXAQi8jfsOeamLnsqV3dc1eSw7bgNywEKtBHyE5AhZfbxOwfDfZMO4jHfwDFqotSgHCHXn7//aQ==","sha1":"c76c4137137e98ecff98dc4b60996056b7de1577"},"filename":"vybscan-testbed-inert-postinstall-1.0.0.tgz"}],"evidence_files":[{"path":"package.json","sha256":"7926f6bc957d1d1037f3f413b8790785a144939c94455bd05827fd8e65f97a43","tlsh":"e9319581450592253ad001a8991f238fd735c32e42c4acd4d1ef429f874bd7722bb6bb"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}