npm · Malicious package advisory
Malware@wagni_bot/metemask-sdk
MAL-2026-10028
Malicious code in @wagni_bot/metemask-sdk (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (cb3278c8cf58eb66a4a0b385f9e36f59b1ad9bca93baf2c6de84e40d550d73ba)
`@wagni_bot/metemask-sdk` is a single-character typosquat of the legitimate `metamask-sdk` package ("metemask" vs "metamask"). `index.js` is an empty stub (`module.exports = {}`); the package has no functional library code. Its sole effect is a `postinstall` hook (`postinstall.js`) that runs at `npm install` time and performs credential theft against the installer:
- Recursively walks `process.cwd()`, `os.homedir()`, and `~/.ssh`, reading files whose names match `.env`, `.cred`, `.pem`, `.key`, `mnemonic`, `seed`, `wallet`, `secret`, `id_rsa`, `id_ed25519`. This captures SSH private keys, crypto-wallet seed phrases/keystores, and dotenv secrets.
- Enumerates `process.env` and filters keys containing `PRIVATE`, `SECRET`, `TOKEN`, `API_KEY`, `PASSWORD`, `MNEMONIC`, `SEED`, `WALLET`, `AWS`, capturing their values.
- Collects host identifiers via `os.hostname()`, `os.userInfo()`, platform, and cwd.
- POSTs the harvested content (chunked) to `https://api.telegram.org/bot<hardcoded-token>/sendMessage` targeting attacker chat_id `892359416`.
This satisfies the attacker-benefit gate (bulk exfiltration of installer-owned SSH keys, wallet seeds, and credential env vars to an attacker-controlled Telegram channel) and auto-executes on default `npm install` via the `postinstall` lifecycle. The typosquat name targets developers intending to install MetaMask's SDK.
Compromised versions (7)
- 1.1.5
- 1.1.1
- 1.0.0
- 1.2.0
- 1.1.4
- 1.1.3
- 1.1.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.