{"id":"MAL-2026-5475","summary":"Malicious code in ipy-rev-proxy (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555)\nOn `npm install`, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to https://webhook.site/40b5f3e2-4072-4f2c-b259-0ecb531755d7. The same script then probes Google's internal SSO proxy at http://uberproxy.corp.google.com/procz and the GCE metadata endpoint http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token (with the required `Metadata-Flavor: Google` header) and forwards any 200 response — including GCE service-account tokens — plus `hostname`, `id`, and `uname -a` output to the same webhook. The package presents itself with a generic Jupyter description and the placeholder author 'IPython Development Team' but ships no functional code matching that description; the name and metadata are consistent with a dependency-confusion lure aimed at Google internal builds.\n","modified":"2026-06-09T21:01:33.436059126Z","published":"2026-06-09T20:21:12Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-09T20:21:12Z","versions":["9.3.1"],"import_time":"2026-06-09T20:45:51.402034941Z","source":"amazon-inspector","sha256":"591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555","id":"IN-MAL-2026-005194"},{"modified_time":"2026-06-09T20:21:13Z","versions":["9.3.1"],"import_time":"2026-06-09T20:45:51.531074945Z","source":"amazon-inspector","sha256":"5b5e8b8bd7fa1b9720229e7ba23e00e08a5a843e209fc8525d58a05ea3e70321","id":"IN-MAL-2026-005195"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/ipy-rev-proxy/v/9.3.1"}],"affected":[{"package":{"name":"ipy-rev-proxy","ecosystem":"npm","purl":"pkg:npm/ipy-rev-proxy"},"versions":["9.3.1"],"database_specific":{"indicators":{"evidence_files":[{"sha256":"f2cfeab493efeb0f26cb827cf2550c3f57944b96382425bbe850707d0ed36957","path":"index.js","tlsh":"b451758ed5e4046111a7b67c9a2f560535a2e0131909fc94becc93664fac57d42f38ed"}],"domains":["metadata.google.internal","metadata.google.internal.ec2.internal","webhook.site","uberproxy.corp.google.com"],"package_integrity":[{"filename":"ipy-rev-proxy-9.3.1.tgz","hashes":{"sha512_sri":"sha512-wnlN7xJBWm9f0Ncfbewz+YhdWQGsP7ibLBg9FK4wxxvegk8WHRxfBv1yGWZ5MoUNrRKdBmOp0F92RcPBDzbBsA==","sha1":"9b9fc03ce8938ad55f323efb0c34eeef95815ac4"}}]},"cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ipy-rev-proxy/MAL-2026-5475.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}