npm · Malicious package advisory
Malwareclaude-internal-utils
MAL-2026-4525
Malicious code in claude-internal-utils (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (24a94a290c15f2b6cdaf351590455cd597bb2881f7bbcf1609fbfbd8031e491f) Package name impersonates an internal Anthropic 'claude-*' namespace and the description field self-identifies as 'Alex Birsan Style' dependency-confusion bait. The package ships no library code; its only effect is a postinstall lifecycle hook that runs an inline node one-liner which fetches the installer's public IP from api.ipify.org, executes `id || ver && whoami && hostname` via child_process.exec, and POSTs hostname, cwd, USERDOMAIN/COMPANY env vars, public IP, package name, and the command output as JSON to a hardcoded attacker subdomain at lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun (an out-of-band interaction service commonly used for exfiltration). Fires automatically on `npm install`, before any consumer code runs.
Compromised versions (1)
- 9.0.5
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.