npm · Malicious package advisory
Malwaretwokey
MAL-2026-4697
Malicious code in twokey (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd) The package's postinstall hook unconditionally executes `node bin/twokey.js --desktop --enable-autostart`, which performs three install-time actions without prompting the installer: (1) fetches `https://api.github.com/repos/meinzeug/twokey/releases/latest`, downloads the resulting AppImage to `~/.local/share/twokey/bin/twokey-ai.AppImage`, chmods it 0755, and spawns it detached with stdio ignored — the URL is the mutable 'latest' endpoint, not pinned to the npm package version, and no hash or signature verification is performed; (2) writes `~/.config/systemd/user/twokey.service` and runs `systemctl --user daemon-reload && systemctl --user enable twokey.service` so the auto-downloaded AppImage runs on every boot; (3) when invoked via sudo, re-spawns itself as the original user via `sudo -u $SUDO_USER -H node bin/twokey.js --desktop --enable-autostart` with `XDG_RUNTIME_DIR` and `DBUS_SESSION_BUS_ADDRESS` injected, extending the install footprint into the desktop user's session. The destination repo matches the publisher and the binary is consistent with the package's stated Tauri-desktop purpose, but the combination of mutable-URL fetch + no integrity check + silent execution + persistence install means the installer receives, executes, and persistently autostarts whatever bytes the `releases/latest` pointer resolves to at install time — fully decoupled from the npm version they thought they vetted.
Compromised versions (5)
- 1.0.11
- 1.0.8
- 1.0.5
- 1.0.10
- 1.0.7
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.