npm · Malicious package advisory
Malware@aledan007/tester
MAL-2026-4360
Malicious code in @aledan007/tester (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439)
The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com adjacent to fetch() and POST primitives, alongside require("child_process") usage. The combination of an explicit external attacker domain wired to outbound POST/fetch calls together with child_process import is the canonical shape of an installer-side exfiltration / remote command execution payload. The destination is not a vendor/publisher domain and has no legitimate purpose; any installer requiring or running this package risks having host data and command output sent to the attacker endpoint.
Compromised versions (1)
- 0.4.5
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.