{"id":"MAL-2026-5966","summary":"Malicious code in cryptodao-backend (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (2dbe5f8614a264a8d3cdd2ecf8ecd2ad17292dbb5c5bcc25d0ae9d77eb8821df)\npackage.json declares `postinstall: node recon.js`, which auto-runs on `npm install`. recon.js (lines 30-46) scrapes a curated list of credential-bearing environment variables including AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, NPM_TOKEN, CI_REGISTRY_PASSWORD, GITLAB_ACCESS_TOKEN, SSH_PRIVATE_KEY, PRIVATE_KEY, MNEMONIC, and DB_PASSWORD. It additionally enumerates and reads .env files at multiple paths outside the package's own scope (`.env`, `../.env`, `/app/.env`, `/home/gitlab-runner/.env`, `/root/.env`), filtering lines matching /KEY|SECRET|TOKEN|PASS|PRIVATE|MNEMONIC/i. The collected JSON payload is POSTed (recon.js:84-87, 99-106) over HTTPS with `rejectUnauthorized:false` to two attacker-controlled endpoints: `https://webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd` and `https://enqoojbegdvxj.x.pipedream.net/`. The package self-describes as the \"CryptoDAO internal cryptodao-backend module\" and is published at version 99.99.99 — the canonical dependency-confusion shape designed to outrank a private internal package of the same name during npm resolution. 
A source comment in recon.js explicitly labels itself a \"Dependency Confusion Reconnaissance Payload.\"\n\n## Source: ossf-package-analysis (53a8a16fe6b574758e079eb66c47dc1dd063043bb38dd8e1534d357d43509270)\nThe OpenSSF Package Analysis project identified 'cryptodao-backend' @ 99.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-06-17T06:02:02.001766104Z","published":"2026-06-17T03:39:24Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","versions":["99.99.99"],"sha256":"53a8a16fe6b574758e079eb66c47dc1dd063043bb38dd8e1534d357d43509270","import_time":"2026-06-17T03:48:43.099414945Z","modified_time":"2026-06-17T03:39:24Z"},{"source":"amazon-inspector","versions":["99.99.99"],"id":"IN-MAL-2026-006862","sha256":"2dbe5f8614a264a8d3cdd2ecf8ecd2ad17292dbb5c5bcc25d0ae9d77eb8821df","import_time":"2026-06-17T05:45:40.994292109Z","modified_time":"2026-06-17T04:04:28Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/cryptodao-backend/v/99.99.99"}],"affected":[{"package":{"name":"cryptodao-backend","ecosystem":"npm","purl":"pkg:npm/cryptodao-backend"},"versions":["99.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cryptodao-backend/MAL-2026-5966.json","cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in 
nature.","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"hashes":{"sha512_sri":"sha512-teLV8yelKhMy3ttXreEw8k/pIGCNIZWS6fj+HeRVzJ42grIKRe36wx2NHE2RdvH4Ai6sYRvfOjsdjWoCKiJEEg==","sha1":"6fb6559b42a1a9d3fa11451b4894057713e4f57d"},"filename":"cryptodao-backend-99.99.99.tgz"}],"evidence_files":[{"sha256":"3dd1f7827fe311d17f442e0af0fab46f3f1a938bb3409838536795fb1aa0f740","tlsh":"e481c9f046f1623815622784541f1012917bf297f2a6bbf4b6dc023a0faa96045f6fef","path":"recon.js"},{"sha256":"d3d0024952b332974a65513a5292334aeca356600e70b0bf18dd56fd40f79f6c","tlsh":"08d0a7342d31bb233acd5a975c71990566b20d5f11009604038711a841fd2ba68ff21d","path":"package.json"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}