{"id":"MAL-2026-6551","summary":"Malicious code in anthropic-internal-tools (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ab3bb04aee6f5f1d8768b7fd2173cd7c0cac18b5d83d6a83cf2be96a7512d8f7)\nPackage name impersonates the Anthropic namespace and ships a preinstall hook (scripts.preinstall = 'node index.js') that executes on every `npm install`. index.js performs bulk reads of installer-side credential files from the home directory — ~/.aws/credentials, ~/.aws/config, ~/.config/gcloud/application_default_credentials.json, ~/.azure/accessTokens.json, ~/.ssh/id_rsa.pub (and probes id_rsa), ~/.npmrc, ~/.gitconfig — and uses execSync to curl AWS IMDS (http://169.254.169.254/latest/meta-data/iam/security-credentials/) and GCP metadata (http://metadata.google.internal, Metadata-Flavor: Google) to capture IAM/service-account tokens. It also collects os.hostname(), os.userInfo(), cwd, and environment variables matching KEY|TOKEN|SECRET|PASS|AUTH|CRED|AWS|GCP|AZURE|NPM|REGISTRY. The beacon is POSTed via https.request to a hardcoded collector at https://webhook.site/2d1764b2-1249-4793-840f-7846d7d820cd. Installing this package on a developer workstation or CI runner discloses long-lived cloud credentials, SSH keys, and registry tokens to a third-party endpoint, and on cloud-hosted CI additionally yields short-lived IAM/service-account tokens usable to pivot into the installer's cloud account. 
The package self-describes as a 'dependency confusion PoC', confirming the namespace-impersonation intent against an internal Anthropic-named package.\n","modified":"2026-06-28T07:01:42.268891247Z","published":"2026-06-28T05:59:11Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.0"],"id":"IN-MAL-2026-007688","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"source":"amazon-inspector","sha256":"47963d44c126223c729c2c53a19c1c7d79f2f66cc1dca56c98ba4412eed31f5f","import_time":"2026-06-28T06:50:41.96418107Z","modified_time":"2026-06-28T05:59:11Z"},{"versions":["1.0.2"],"id":"IN-MAL-2026-007690","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"source":"amazon-inspector","sha256":"63383c78f8dd92a67e70a3599f18778ff6ce73e42cba64abec624522ea1a254b","import_time":"2026-06-28T06:50:42.201521831Z","modified_time":"2026-06-28T05:59:25Z"},{"versions":["1.0.1"],"id":"IN-MAL-2026-007689","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"source":"amazon-inspector","sha256":"ab3bb04aee6f5f1d8768b7fd2173cd7c0cac18b5d83d6a83cf2be96a7512d8f7","import_time":"2026-06-28T06:50:42.068142918Z","modified_time":"2026-06-28T05:59:19Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/anthropic-internal-tools/v/1.0.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/anthropic-internal-tools/v/1.0.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/anthropic-internal-tools/v/1.0.1"}],"affected":[{"package":{"name":"anthropic-internal-tools","ecosystem":"npm","purl":"pkg:npm/anthropic-internal-tools"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["1.0.0","1.0.2","1.0.1"],"database_specific":{"indicators":{"evidence_files":[{"tlsh":"515187d215e2ed513bdbe4e0f32a38101a73f98b2e05f8d47c9c09055a4d998a1b3db5","path":"index.js","sha256":"d071abdba18bcdb17affb38b9cc9b638cf6625af897e2af1fc274f3920081dc0"},{"tlsh":"d0e02629883388730ce45ae41a768006a4b24cbf0098b80c2347101ca1cf66a95fa30d","path":"package.json","sha256":"7530cb8ea4a690b1f21ddfd18bb950d60cad09e1651fec93122dd161eccc0e58"}],"package_integrity":[{"filename":"anthropic-internal-tools-1.0.0.tgz","hashes":{"sha512_sri":"sha512-/ahAoJ+tKU83xjqdSOLX/hw564RZCXa6mNogo9BAFgioALpt3BRedZmsQEBVouDAlwb5c7S15euOMKS2Qws0yA==","sha1":"077a3aaaae7145f074050198d7739d059fbb0f7f"}}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/anthropic-internal-tools/MAL-2026-6551.json","cwes":[{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}