{"id":"MAL-2026-4525","summary":"Malicious code in claude-internal-utils (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (24a94a290c15f2b6cdaf351590455cd597bb2881f7bbcf1609fbfbd8031e491f)\nPackage name impersonates an internal Anthropic 'claude-*' namespace and the description field self-identifies as 'Alex Birsan Style' dependency-confusion bait. The package ships no library code; its only effect is a postinstall lifecycle hook that runs an inline node one-liner which fetches the installer's public IP from api.ipify.org, executes `id || ver && whoami && hostname` via child_process.exec, and POSTs hostname, cwd, USERDOMAIN/COMPANY env vars, public IP, package name, and the command output as JSON to a hardcoded attacker subdomain at lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun (an out-of-band interaction service commonly used for exfiltration). Fires automatically on `npm install`, before any consumer code runs.\n","modified":"2026-05-26T06:02:21.217533684Z","published":"2026-05-20T23:55:57Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-003653","import_time":"2026-05-26T05:51:03.000265919Z","sha256":"0907de4f4ae6bbfa72bdca010597aeac418f4c6c6e0af3c5516c3a5041171b55","modified_time":"2026-05-20T23:55:58Z","versions":["9.0.5"],"source":"amazon-inspector"},{"id":"IN-MAL-2026-003652","import_time":"2026-05-26T05:51:02.904736044Z","modified_time":"2026-05-20T23:55:57Z","sha256":"24a94a290c15f2b6cdaf351590455cd597bb2881f7bbcf1609fbfbd8031e491f","versions":["9.0.5"],"source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/claude-internal-utils/v/9.0.5"}],"affected":[{"package":{"name":"claude-internal-utils","ecosystem":"npm","purl":"pkg:npm/claude-internal-utils"},"versions":["9.0.5"],"database_specific":{"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/claude-internal-utils/MAL-2026-4525.json","indicators":{"domains":["lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun","api.ipify.org"],"package_integrity":[{"hashes":{"sha1":"3df62d23421424de8d48f5ff596f5a40fd18698e","sha512_sri":"sha512-fQLCcZl8UM/xyFAy9LemVh2Zq/z98d7scs4W3HWHh7VEryxFS8MhxlejJESkMRebLB1AsQhAh6Kn8B3WZUcueg=="},"filename":"claude-internal-utils-9.0.5.tgz"}],"evidence_files":[{"tlsh":"231135f19990eb75e3d157f87a17d405ed63e70b61108cb0a86c17814b841b0559bf9c","path":"package.json","sha256":"166f1e78f5f9fe79fe80e3a19f920599f6c24a7b295ad06de5771a9ee951e2df"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}