{"id":"MAL-2026-6718","summary":"Malicious code in test-pkg-yarn (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (40b74339843ee482f3f135dd43e855f1f30758e20857333e0e6153748888769a)\npackage.json declares `bin: { \"node\": \"./shim.js\" }`, causing `npm`/`yarn` to symlink `node` in `node_modules/.bin` (and in a system bin dir on global install) to a package-controlled script. Subsequent invocations of `node` resolved through that PATH entry execute shim.js instead of the real Node.js runtime, redirecting any tooling that expects `node` to attacker-controlled code. In addition, `scripts.postinstall` runs `bun shim.js || node shim.js`, and shim.js unconditionally invokes OS commands at install time via `child_process.execSync` — spawning a GUI calculator (`calc` on Windows, `gnome-calculator` on Linux, `open -a Calculator` on macOS), opening a URL in the user's browser, and writing a marker file to `/tmp/.bun-npm-pwned`. The package self-identifies as 'BunnyHijack PoC - yarn variant' with the console message '[!] PATH POISONED - test-pkg-yarn just hijacked your node command.' \nAlthough framed as a proof-of-concept and not currently exfiltrating data, the behavior is real install-time code execution against any developer who installs the package and a persistent hijack of the `node` command in PATH.\n","modified":"2026-07-01T21:16:41.838910467Z","published":"2026-07-01T20:47:51Z","database_specific":{"malicious-packages-origins":[{"source":"amazon-inspector","import_time":"2026-07-01T21:04:20.755909312Z","id":"IN-MAL-2026-007897","sha256":"11e7c03fcf57c76835129d9a0c35cc8b0ad262e164929fed2b0452f2d83eb44f","modified_time":"2026-07-01T20:47:51Z","versions":["1.0.2"]},{"source":"amazon-inspector","import_time":"2026-07-01T21:04:20.868827675Z","id":"IN-MAL-2026-007899","sha256":"40b74339843ee482f3f135dd43e855f1f30758e20857333e0e6153748888769a","modified_time":"2026-07-01T20:48:08Z","versions":["1.0.1"]},{"versions":["1.0.0"],"import_time":"2026-07-01T21:04:20.787779869Z","sha256":"c94364f82778798bd6d381c0359adb0f0eb92676036c117640d0370810b7ab2e","id":"IN-MAL-2026-007898","modified_time":"2026-07-01T20:47:57Z","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/test-pkg-yarn/v/1.0.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/test-pkg-yarn/v/1.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/test-pkg-yarn/v/1.0.0"}],"affected":[{"package":{"name":"test-pkg-yarn","ecosystem":"npm","purl":"pkg:npm/test-pkg-yarn"},"versions":["1.0.2","1.0.1","1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-pkg-yarn/MAL-2026-6718.json","indicators":{"package_integrity":[{"hashes":{"sha1":"932e1e7951721bf60858bb5db11e58073c676b1e","sha512_sri":"sha512-ZsZYjMO1aXwPqfM07+ryLjfRDcXPnQ/ZvvfsZrSpGi4Kixj+NU6EfcJfwRhtJUK0wdmmiIdHUoPx26tMDvYMCg=="},"filename":"test-pkg-yarn-1.0.2.tgz"}],"evidence_files":[{"sha256":"0a5b47939c9280af09b961619c386fea57ca3b197dd5003b41ceca244e89bbc7","tlsh":"dbd02b1088b1577325cd38905d6da403673c4b4780043c2c53d7119cab4a7bb08b9255","path":"package.json"},{"sha256":"3a0197615cc4fd1bbea22a9355a5d69fdbfe7a23f2a21c5a5afc17b4e6b5f6fa","tlsh":"3f316062c2e193b16ef619c2568b443175abdaa37240ffa4f29ec2225f4901203f74b8","path":"shim.js"}]},"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"},{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"},{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}