// npm package
stripe-internal-utils
Full RCE PoC -osama
versions: 2
maintainers: 1
first publish: 2026-05-19
publisher: dewifewi
tarball: 1,026 B
AUTO-PUBLISHED · 2 versions indexed · latest published 2026-05-20
// exfil path
what is read → where it ships
steals
- ○ home dir
- ○ system info
sends to
- ⇢ lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun (oast.fun)
- ⚙ dns tunneling (fetches + executes remote payload)
// publisher campaign · by dewifewi
5 caught packages from this account
This is not an isolated catch. The same publisher has shipped 4 other packages that our pipeline flagged, which is the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code · @8.2.0 · 1 file flagged
llm: malicious · 0.95 → Sends to suspicious destination(s): lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
- @8.2.0 · AUTO-PUBLISHED · publisher: dewifewi · heuristic 85/100 · static flags 6 · llm malicious (0.95) via ollama · install-scripts:postinstall · new-publisher:1d · suspicious-description:poc · publisher-version-pump:9 · reads-env-vars · reads-homedir · reads-system-info · dns-tunneling · child-process-spawn · dest-via-hostname-var
→ Sends to suspicious destination(s): lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
// NHI intent · 2 targets · mixed harvest patterns · gate: always
