{"id":"MAL-2026-7000","summary":"Malicious code in pipo-sdk (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (259159c0505b819905dcaf53172d98a4fd590a9ae1a40f87d2be4c1a7fdc4065)\nThis package is a dependency-confusion payload published at an abnormally high version (9999.0.0) targeting an internal package name (`pipo-sdk`). The `preinstall` lifecycle hook runs `node callback.js || true`, which collects host identity — hostname, username, platform, and current working directory — via `os.hostname()`, `os.userInfo()`, and `os.platform()`, and transmits that data to `pbnuwvwzmktaetcsjyyjlhncsf843r5a5.oast.fun` by two channels: (a) a DNS resolution of a subdomain encoding the collected fields under the OAST domain, and (b) an HTTPS POST of a JSON body containing the same fields. Any host that runs `npm install` — for example, an internal build system whose resolver picks the public 9999.0.0 over a legitimate internal version — will silently beacon its identity to the third-party OAST endpoint. The bug-bounty / research framing in the package metadata does not change the installer-side behavior: unsolicited host-identity exfiltration fires on install regardless of consent, and the resolver-hijack version pin ensures the payload is preferred over legitimate internal artifacts.\n","modified":"2026-07-08T17:16:48.942758287Z","published":"2026-07-08T16:27:59Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-008122","source":"amazon-inspector","sha256":"259159c0505b819905dcaf53172d98a4fd590a9ae1a40f87d2be4c1a7fdc4065","versions":["9999.0.0"],"modified_time":"2026-07-08T16:27:59Z","import_time":"2026-07-08T17:01:32.32667648Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/pipo-sdk/v/9999.0.0"}],"affected":[{"package":{"name":"pipo-sdk","ecosystem":"npm","purl":"pkg:npm/pipo-sdk"},"versions":["9999.0.0"],"database_specific":{"indicators":{"evidence_files":[{"sha256":"c5b39d3f2585bbb4df686867d46e661d0a4a11f11058e5fe27ca5d5cfc8844d8","tlsh":"2f3185e021f5a2a00bf2adc331eb11241126d219bd12e5d5b9dc03881fc97b84272ffc","path":"callback.js"},{"sha256":"c5374b01384a083736e684319cd256db556518ff92a60c8f0df2b83274eb3e6c","tlsh":"d8019e509d60883309f106d6447562007226ad2fec0efc0e73c6419cd7aeba6537d65e","path":"package.json"}],"package_integrity":[{"hashes":{"sha512_sri":"sha512-Jn18oxQgW9we+3Tvl0CmbGiyLaBNhc013Z/bTJTtC48ZcIRNVEGCDR0chpNHoiUbqpDYRjuJ5ek5Zjd61TL+yA==","sha1":"7e3049806c729d32cf2fae432cdd43c5deccb45b"},"filename":"pipo-sdk-9999.0.0.tgz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pipo-sdk/MAL-2026-7000.json","cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}