VYPR

npm · Malicious package advisory

Malware

@wagni_bot/polygon-sdk

MAL-2026-10032

Malicious code in @wagni_bot/polygon-sdk (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f85b2cfd5c419bda02db4b760641cc2ff9c9214b2e17cf6689bb7936866944e7)
The package's postinstall.js runs unconditionally on `npm install` and scans the installer's current working directory and home directory — including ~/.ssh, ~/.ethereum, ~/.config/ethereum, ~/.solana, ~/.bitcoin, and ~/Library/Ethereum — for wallet keystores, PEM/SSH private keys (id_rsa, id_ed25519,.pem,.key), and files matching seed/mnemonic/keystore/wallet/secret/private patterns. Matching file contents (truncated to 10000 bytes) plus a filtered subset of process.env (variables whose names contain PRIVATE, SECRET, TOKEN, KEY, PASSWORD, MNEMONIC, SEED, WALLET, or AWS) are POSTed to a hardcoded bare-IP endpoint at http://107.161.90.180:7777. Each request also carries os.hostname(), os.userInfo().username, and process.cwd() so the attacker can attribute the stolen secrets to a specific victim host. The advertised `main` (index.js) exports an empty object — the package has no legitimate functionality; the credential stealer is its only behavior. The name `@wagni_bot/polygon-sdk` with description 'Unofficial polygon-sdk SDK' impersonates the Polygon blockchain SDK ecosystem to attract crypto developers whose environments are especially likely to contain wallet keystores and seed phrases.

Compromised versions (7)

  • 1.1.5
  • 1.1.4
  • 1.0.0
  • 1.1.1
  • 1.1.0
  • 1.1.3
  • 1.2.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.