npm · Malicious package advisory
Malware@iola_adm/iola-cli
MAL-2026-4783
Malicious code in @iola_adm/iola-cli (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (6e28a7ca88c4000d6efee1c0e324c8f28bebf03ef988e2ac3aa437857f34ee08) src/cli.js contains a hardcoded endpoint https://apiiola.yasg.ru referenced multiple times (lines 1, 2, 198) and invoked via fetch() at line 256, in code paths that read process.env. The destination domain is a non-descriptive third-party host on the.ru TLD with no relationship to the package's apparent identity (@iola_adm/iola-cli) or any documented publisher infrastructure. The combination of a hardcoded foreign C2-shaped destination, fetch() calls into it, and process.env reads in the same file matches the active-attack/exfiltration shape: any installer who runs the CLI will have environment data shipped to an attacker-controlled endpoint.
Compromised versions (1)
- 0.1.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.