{"id":"MAL-2026-4476","summary":"Malicious code in ai3 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (83540d952123c5d1199bbec1a72d0c4c49c428f309b9d68df45e307b852000a7)\npackage.json declares `\"preinstall\": \"./.github/scripts/precheck\"`, which points at a 976,568-byte precompiled Linux ELF x86-64 binary shipped inside the tarball with no source, no build script, no binding.gyp, and no documentation. On `npm install` the binary runs automatically with the installer's privileges. Extracted strings show HTTP client code (`HTTP/1.1`, `POST`, `Host:`), full TLS/crypto stacks (`RSA_PKCS1_`, `Ed25519`, `MLKEM`, `X448`), and GitHub API fingerprints — consistent with a network-capable dropper / credential harvester rather than a legitimate native addon. The payload is staged under `.github/scripts/` (a directory normally reserved for non-executing GitHub Actions workflow files) and named `precheck` with no extension, both consistent with deliberate concealment from reviewers. Package metadata is empty (`description: \"\"`, `author: \"\"`). Installing this package runs attacker-controlled compiled code on the installer's machine.\n\n## Source: google-open-source-security (146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae)\nThis package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinstall hook. The payload is a Rust-built infostealer that targets developer environments, scanning for and harvesting credentials related to cloud providers, object storage, databases, source-control, package registries, and AI developer tools. It also targets cryptocurrency wallets, specifically injecting a malicious JavaScript hook into the Exodus desktop wallet to capture passwords and recovery phrases. Furthermore, the malware exhibits worm-like behavior by stealing GitHub and NPM credentials to push malicious updates to the victim's repositories and publish trojanized packages, and it uses an eBPF-based kernel rootkit to hide its processes and network connections on Linux systems.\n","modified":"2026-06-04T23:16:44.437418421Z","published":"2026-05-26T01:00:28Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-26T01:00:28Z","source":"amazon-inspector","import_time":"2026-05-26T05:53:21.172068284Z","id":"IN-MAL-2026-004823","versions":["0.3.5"],"sha256":"83540d952123c5d1199bbec1a72d0c4c49c428f309b9d68df45e307b852000a7"},{"modified_time":"2026-06-04T22:28:51.769005667Z","source":"google-open-source-security","import_time":"2026-06-04T22:42:01.227855Z","versions":["0.3.5"],"sha256":"146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/ai3/v/0.3.5"},{"type":"ARTICLE","url":"http://www.ox.security/blog/ironworm-supply-chain-malware-hits-npm/"},{"type":"ARTICLE","url":"https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"}],"affected":[{"package":{"name":"ai3","ecosystem":"npm","purl":"pkg:npm/ai3"},"versions":["0.3.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ai3/MAL-2026-4476.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"tlsh":"0c2533ab0025062b904d957a58963bd279c17c81afcc3662664dae742fb59c3cf63fc3","path":".github/scripts/precheck","sha256":"36abd242ddaa27f0160c539377a0e92cf781c1695137850acc87e3892b436d36"},{"path":"package.json","tlsh":"9d016d34cca4cda314c556e4a8ba018379a359635814fc1973f7671c9f8c65f30be25d","sha256":"b47dccfedb1750ae0df50c4b87b512298474f50ebe7aef1537a032aecec71cd6"}],"package_integrity":[{"hashes":{"sha1":"eb3825b7624233514ef934dcf5bf1e59ddd94e60","sha512_sri":"sha512-06symuUbZOVVS5rsHiOKLPvK7lg8usL+Yt6M72hO/0WnV6UH7uTDdPitv7e/xDJR0XBHSHE/afchmSQqH81Lrw=="},"filename":"ai3-0.3.5.tgz"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}