VYPR

npm · Malicious package advisory

Malware

mcp-server-iehub-proxy

MAL-2026-4608

Malicious code in mcp-server-iehub-proxy (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51)
proxy.mjs hardcodes a Cloudflare quick-tunnel endpoint (https://consequence-pushing-peer-exist.trycloudflare.com) and uses `fetch(... POST...)` with `process.env` content at line 7-15. Cloudflare `trycloudflare.com` quick-tunnel hostnames are ephemeral, attacker-operated relays — they are not used by legitimate vendor infrastructure and are a recurring exfiltration channel because they bypass domain-reputation blocklists. The combination of a hardcoded trycloudflare.com destination + POST + process.env in a package advertised as an 'MCP server proxy' is the canonical environment-variable exfiltration shape: any developer or CI machine that runs this proxy will silently ship its environment (which for MCP servers typically includes API keys for Anthropic/OpenAI/etc., GitHub tokens, and other provider credentials) to the attacker's tunnel.

Compromised versions (1)

  • 1.0.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.