VYPR

npm · Malicious package advisory

Malware

antsrcsrctest

MAL-2026-10038

Malicious code in antsrcsrctest (npm)

Details

The npm package `antsrcsrctest` masquerades as a "simple date formatting utility" (`index.js` exports a harmless `formatDate()` function that is never referenced by the malicious code) but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a `preinstall: node preinstall.js` hook, so the payload executes automatically on `npm install`, before the package is ever imported or used. `preinstall.js` collects `os.hostname()`, `os.platform()`, `process.cwd()`, and the victim's entire `process.env` (all environment variables, frequently containing API keys, tokens and secrets); fingerprints container context by checking for `/.dockerenv` and reading `/proc/1/cgroup` and `/proc/self/mountinfo`; runs local reconnaissance commands via `child_process.execSync` (`id`, `whoami`, `hostname`, `ps aux`); and performs SSRF against the Alibaba Cloud (Aliyun) instance metadata service at `http://100.100.100.200/latest/meta-data/`, specifically probing `/latest/meta-data/ram/security-credentials/` in an attempt to steal cloud IAM role credentials. All of the above (including the full environment variable dump) is exfiltrated via two plaintext HTTP POST requests (to `/` and `/env`) to a hardcoded C2 endpoint `http://101.35.44.248` (raw IP, port 80, no TLS) using Node's built-in `http` module. All errors are silently swallowed so the attack is invisible to the installer. The package was published by npm user `xingzhigege` (`xingzhi@foxmail.com`).

Analysis performed via static review only (npm registry metadata and package source retrieved as text via the npm registry and unpkg CDN) — the package was not installed or executed.

---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (80da6b239fe02ae1bbf7086d885062181d9ea048490ad77911a63ae4c393cc42)
On `npm install`, the declared preinstall script (preinstall.js) POSTs the installer's full `process.env`, `os.hostname()`, `os.platform()`, cwd, container-detection artifacts (`/.dockerenv`, `/proc/1/cgroup`, `/proc/self/mountinfo`), and the output of shell reconnaissance commands (`id`, `whoami`, `hostname`, `ps aux`) to `http://101.35.44.248` over plain HTTP. The script additionally issues `curl` requests to the Alibaba Cloud instance metadata service at `100.100.100.200`, including the `latest/meta-data/ram/security-credentials/` path that returns temporary IAM credentials for the instance role, and forwards the response to the same attacker endpoint. The package advertises itself as "a simple date formatting utility" and index.js contains only a 7-line date formatter, confirming a decoy cover story for install-time credential theft and environment exfiltration.

Compromised versions (1)

  • 1.0.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.