VYPR

npm · Malicious package advisory

Malware

claude-internal-utils

MAL-2026-4525

Malicious code in claude-internal-utils (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (24a94a290c15f2b6cdaf351590455cd597bb2881f7bbcf1609fbfbd8031e491f)
Package name impersonates an internal Anthropic 'claude-*' namespace and the description field self-identifies as 'Alex Birsan Style' dependency-confusion bait. The package ships no library code; its only effect is a postinstall lifecycle hook that runs an inline node one-liner which fetches the installer's public IP from api.ipify.org, executes `id || ver && whoami && hostname` via child_process.exec, and POSTs hostname, cwd, USERDOMAIN/COMPANY env vars, public IP, package name, and the command output as JSON to a hardcoded attacker subdomain at lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun (an out-of-band interaction service commonly used for exfiltration). Fires automatically on `npm install`, before any consumer code runs.

Compromised versions (1)

  • 9.0.5

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.