npm · Malicious package advisory
Malware@jaggle/resizeobserves
MAL-2026-4288
Malicious code in @jaggle/resizeobserves (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f)
Package name impersonates the popular @juggle/resize-observer (j→j substitution and pluralized 'resizeobserves') and the README is copied verbatim from the legitimate package, but the tarball ships an unrelated Python module (clipboard_guardian) that has nothing to do with a ResizeObserver polyfill. The postinstall hook (npm-install.cjs) bootstraps Python and pip on the installer's machine — attempting privileged installs via sudo -n / pkexec apt-get / pacman / dnf, falling back to fetching get-pip.py from bootstrap.pypa.io — then runs `pip install --break-system-packages` on the bundled clipper, and finally writes a persistent autostart entry under a disguised name: a systemd user unit `python3-dbus-helper.service` on Linux, a `com.apple.python.runtime.plist` LaunchAgent on macOS, or an `HKCU\...\Run\PyRuntimeBroker` value on Windows. Once running, clipboard_guardian/guardian.py monitors the user's clipboard, matches outgoing content against regexes for 40+ blockchains, and silently replaces any detected wallet address with one of the attacker's hardcoded wallets (e.g., ethereum 0x450c0E58Fc2ba03632d3F5780ad8C966648B6F18, bitcoin bc1qs2mpls4p0f7fng073gy2rcdgjpf7la4eugpt6y, plus monero/etc.) — any crypto payment the victim copies is redirected to the attacker. The daemon further disguises itself via setproctitle('python3-dbus-helper' / 'com.apple.python.runtime') and SetConsoleTitleW('Python Runtime Broker') to blend with OS components, ships an `anti-clipper` cover story in pyproject.toml while being the clipper itself, and contains an is_monitor_running() routine that pauses substitution when task managers / process explorers (taskmgr, procexp, procmon, ProcessHacker, Activity Monitor, htop, btop, gnome-system-monitor, etc.) are detected. The combination of typosquat naming, install-time privileged persistence, hardcoded attacker wallets, and explicit anti-analysis logic makes intent unambiguous.
## Source: ossf-package-analysis (954b112d434a28b13673c4ee516cd4f348148683727ee498290bbd5666a8262b)
The OpenSSF Package Analysis project identified '@jaggle/resizeobserves' @ 1.0.11 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
Compromised versions (20)
- 1.0.11
- 1.0.10
- 1.0.19
- 1.0.15
- 1.0.14
- 1.0.18
- 1.0.17
- 1.0.20
- 1.0.4
- 1.0.6
- 1.0.9
- 1.0.12
- 1.0.8
- 1.0.5
- 1.0.16
- 1.0.0
- 1.0.13
- 1.0.1
- 1.0.3
- 1.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.