VYPR

npm · Malicious package advisory

Malware

@wagni_bot/metemask-sdk

MAL-2026-10028

Malicious code in @wagni_bot/metemask-sdk (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (cb3278c8cf58eb66a4a0b385f9e36f59b1ad9bca93baf2c6de84e40d550d73ba)
`@wagni_bot/metemask-sdk` is a single-character typosquat of the legitimate `metamask-sdk` package ("metemask" vs "metamask"). `index.js` is an empty stub (`module.exports = {}`); the package has no functional library code. Its sole effect is a `postinstall` hook (`postinstall.js`) that runs at `npm install` time and performs credential theft against the installer:

- Recursively walks `process.cwd()`, `os.homedir()`, and `~/.ssh`, reading files whose names match `.env`, `.cred`, `.pem`, `.key`, `mnemonic`, `seed`, `wallet`, `secret`, `id_rsa`, `id_ed25519`. This captures SSH private keys, crypto-wallet seed phrases/keystores, and dotenv secrets.
- Enumerates `process.env` and filters keys containing `PRIVATE`, `SECRET`, `TOKEN`, `API_KEY`, `PASSWORD`, `MNEMONIC`, `SEED`, `WALLET`, `AWS`, capturing their values.
- Collects host identifiers via `os.hostname()`, `os.userInfo()`, platform, and cwd.
- POSTs the harvested content (chunked) to `https://api.telegram.org/bot<hardcoded-token>/sendMessage` targeting attacker chat_id `892359416`.

This satisfies the attacker-benefit gate (bulk exfiltration of installer-owned SSH keys, wallet seeds, and credential env vars to an attacker-controlled Telegram channel) and auto-executes on default `npm install` via the `postinstall` lifecycle. The typosquat name targets developers intending to install MetaMask's SDK.

Compromised versions (7)

  • 1.1.5
  • 1.1.1
  • 1.0.0
  • 1.2.0
  • 1.1.4
  • 1.1.3
  • 1.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.