{"id":"MAL-2026-4255","summary":"Malicious code in cdk-sagemaker-notebook-workflow (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6cc9c1db01ca14b294be21438478ec14dc6549a4b7b9ec5cf73dd7aa227f7ad8)\nThe package declares a `preinstall` hook (`node index.js`) in package.json that fires automatically on `npm install`. The script collects `os.hostname()`, `os.userInfo().username`, `os.platform()`, current working directory, home directory, the contents of `/etc/passwd` (`fs.readFileSync('/etc/passwd', 'utf8')`), and the first 30 entries of `process.env` (`Object.entries(process.env).slice(0, 30)`), then POSTs the JSON payload to `https://3nrgzlqwix6erldow0s0kttsojuai36s.oastify.com/greengrass/\u003cexecId\u003e` — a Burp Collaborator-style OAST host. Bulk env-var enumeration on CI runners typically captures `AWS_SECRET_ACCESS_KEY`, `GITHUB_TOKEN`, `NPM_TOKEN`, and similar credentials. The package name impersonates the AWS CDK construct namespace (`cdk-sagemaker-notebook-workflow`) and the README contains the string `Takeover By l0bo`, confirming attacker intent. This is an unambiguous install-time credential and host-data exfiltrator with a typosquat lure on the AWS CDK ecosystem.\n\n## Source: ossf-package-analysis (2f835f9a0447616b7070857544dcd2d34d3d287d213eb359769be5cc80daf3e8)\nThe OpenSSF Package Analysis project identified 'cdk-sagemaker-notebook-workflow' @ 2.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-26T06:02:17.631026801Z","published":"2026-05-22T11:45:44Z","database_specific":{"malicious-packages-origins":[{"sha256":"536cb79da290dd24ddd8ec1dd5fefbd6313bf5b622bbad6a9933fb3fb81bcb44","import_time":"2026-05-22T13:04:11.115789607Z","versions":["1.0.0"],"source":"ossf-package-analysis","modified_time":"2026-05-22T12:00:39Z"},{"sha256":"2f835f9a0447616b7070857544dcd2d34d3d287d213eb359769be5cc80daf3e8","import_time":"2026-05-24T12:30:15.409697413Z","versions":["2.0.5"],"source":"ossf-package-analysis","modified_time":"2026-05-24T12:01:45Z"},{"sha256":"0c452e5366df84fc79334f47faecad07d7cb21fdbcca62d5f5630ad13f6debb8","import_time":"2026-05-26T05:52:07.528819488Z","id":"IN-MAL-2026-004197","versions":["1.0.0"],"source":"amazon-inspector","modified_time":"2026-05-22T11:45:44Z"},{"sha256":"0d957bae73cd17cd27ed3b594cb5063797d8c18a9dda018887a32ff8e85a3617","import_time":"2026-05-26T05:52:07.997105313Z","modified_time":"2026-05-22T13:10:22Z","versions":["1.0.1"],"source":"amazon-inspector","id":"IN-MAL-2026-004201"},{"sha256":"2a051645ba8b7a584175d7063a7d4829e70025b9e2636ba6963e6ce9501cc452","import_time":"2026-05-26T05:52:43.885733761Z","id":"IN-MAL-2026-004504","versions":["2.0.5"],"source":"amazon-inspector","modified_time":"2026-05-24T11:57:33Z"},{"sha256":"b81bb9433f48fe99e6eb4536ed122730a0e04b662606555519076decfc8938f4","import_time":"2026-05-26T05:52:43.753952575Z","modified_time":"2026-05-24T11:57:33Z","versions":["2.0.5"],"source":"amazon-inspector","id":"IN-MAL-2026-004503"},{"sha256":"e6729c63b068cdba53c2f09a9f38f7020fefc8bb3c0fa820307feb4e8445fd9d","import_time":"2026-05-26T05:52:08.363167972Z","modified_time":"2026-05-22T13:22:20Z","id":"IN-MAL-2026-004204","source":"amazon-inspector","versions":["1.0.2"]},{"sha256":"04cfadbc867fc5da65c0084089a8c21982b7b086d0798c0c86d30b1cb22c2bb9","import_time":"2026-05-26T05:52:43.430131324Z","modified_time":"2026-05-24T11:49:29Z","versions":["2.0.4"],"source":"amazon-inspector","id":"IN-MAL-2026-004501"},{"sha256":"6cc9c1db01ca14b294be21438478ec14dc6549a4b7b9ec5cf73dd7aa227f7ad8","import_time":"2026-05-26T05:52:07.419447356Z","modified_time":"2026-05-22T11:45:44Z","versions":["1.0.0"],"source":"amazon-inspector","id":"IN-MAL-2026-004196"},{"sha256":"c5dbd0c88e9755ed081f0b8c96bc09e0e380eea1394b1fb3e61050ff1d67552e","import_time":"2026-05-26T05:52:11.400984503Z","modified_time":"2026-05-22T15:24:41Z","versions":["1.0.3"],"source":"amazon-inspector","id":"IN-MAL-2026-004225"},{"sha256":"ff7c0a5d540e5ff3b2798858685b3bb07b0e24c9faccccd526d9331d71ad08f7","import_time":"2026-05-26T05:52:43.550244482Z","versions":["2.0.4"],"modified_time":"2026-05-24T11:49:29Z","source":"amazon-inspector","id":"IN-MAL-2026-004502"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/cdk-sagemaker-notebook-workflow/v/1.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/cdk-sagemaker-notebook-workflow/v/2.0.5"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/cdk-sagemaker-notebook-workflow/v/1.0.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/cdk-sagemaker-notebook-workflow/v/2.0.4"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/cdk-sagemaker-notebook-workflow/v/1.0.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/cdk-sagemaker-notebook-workflow/v/1.0.3"}],"affected":[{"package":{"name":"cdk-sagemaker-notebook-workflow","ecosystem":"npm","purl":"pkg:npm/cdk-sagemaker-notebook-workflow"},"versions":["1.0.0","2.0.5","1.0.1","1.0.2","2.0.4","1.0.3"],"database_specific":{"indicators":{"package_integrity":[{"filename":"cdk-sagemaker-notebook-workflow-1.0.1.tgz","hashes":{"sha512_sri":"sha512-ptM9yvYk0hwKtTCYb10zPi2BVJmvf+zgrDpK7sUUO3VWwX2RrwYnFhYbqJTyCrrQWEEAA7qx/9sPSk0/MO4PTw==","sha1":"af3573f0c5cef33754701a396a96cb5a38d72823"}}],"domains":["3nrgzlqwix6erldow0s0kttsojuai36s.oastify.com"],"evidence_files":[{"sha256":"55864aa6619522f14d2d2add969cb9b1e96499659ee657c48bcf9c649a26e52a","path":"index.js","tlsh":"7e414f9065f9963476f36c80f54355236b23f6023806f6e0badc038a17c9be41172ab9"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cdk-sagemaker-notebook-workflow/MAL-2026-4255.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}