{"id":"MAL-2026-5977","summary":"Malicious code in cryptodao-signer (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (dce8426b1d9dc5bde6547b58a21f2d3b519e56f7c2f948aa7e2173261532cee7)\nOn `npm install`, the package's postinstall hook executes recon.js, which enumerates a hardcoded list of credential-bearing environment variables (AWS_SECRET_ACCESS_KEY, NPM_TOKEN, SSH_PRIVATE_KEY, MNEMONIC, GitLab tokens, DB_PASSWORD, etc.), reads .env files from common project and CI paths grepping for KEY/SECRET/TOKEN/PASS/PRIVATE/MNEMONIC, lists build directories (/builds/, /home/gitlab-runner/builds/, /tmp/, /var/lib/gitlab-runner/), and collects host fingerprint data (hostname, platform, user, cwd). The collected payload is POSTed over HTTPS with TLS verification disabled (`rejectUnauthorized: false`) to two attacker-controlled collectors: webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd and enqoojbegdvxj.x.pipedream.net. The package is published at version 99.99.99 with a self-description of 'CryptoDAO internal' and an in-source comment labeling itself a 'Dependency Confusion Reconnaissance Payload' — the canonical dependency-confusion shape designed to win resolution against a private internal package of the same name. Installer harm is immediate and severe: any CI/CD environment that resolves this package will leak credentials sufficient for cloud account takeover, npm package hijack, source code access, and wallet theft.\n\n## Source: ossf-package-analysis (adb022e34dd29af7dba5d5a60414faf0392c868d3a670c4f770b6ff873db1249)\nThe OpenSSF Package Analysis project identified 'cryptodao-signer' @ 99.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-06-17T06:02:02.886116116Z","published":"2026-06-17T03:53:07Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-17T05:45:41.333050296Z","source":"amazon-inspector","modified_time":"2026-06-17T04:04:33Z","id":"IN-MAL-2026-006869","versions":["99.99.99"],"sha256":"dce8426b1d9dc5bde6547b58a21f2d3b519e56f7c2f948aa7e2173261532cee7"},{"import_time":"2026-06-17T05:45:38.800829422Z","source":"ossf-package-analysis","modified_time":"2026-06-17T03:53:07Z","sha256":"adb022e34dd29af7dba5d5a60414faf0392c868d3a670c4f770b6ff873db1249","versions":["99.99.99"]}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/cryptodao-signer/v/99.99.99"}],"affected":[{"package":{"name":"cryptodao-signer","ecosystem":"npm","purl":"pkg:npm/cryptodao-signer"},"versions":["99.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cryptodao-signer/MAL-2026-5977.json","cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"path":"recon.js","tlsh":"e481c9f046f1623815622784541f1012917bf297f2a6bbf4b6dc023a0faa96045f6fef","sha256":"3dd1f7827fe311d17f442e0af0fab46f3f1a938bb3409838536795fb1aa0f740"},{"path":"package.json","tlsh":"2bd0a7741d31fb3335ce1a97c83194456eb20d6e2185960403c7116941ed1b765ff21d","sha256":"e88fab893d9fb4ad7a6484fd89dbee481285dc8fa965c7600013fa53071638aa"}],"package_integrity":[{"hashes":{"sha1":"bdca29b5907ef42cdb7b0eb357139d17e17fc254","sha512_sri":"sha512-TnzNTkzGB+LS/OsovopW+JcsPwjU0pgb4+/crj+K78JAtKhEky42jWW9UPatsyn5/s7ZrnlKROogvD3Hi2UCYw=="},"filename":"cryptodao-signer-99.99.99.tgz"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}