VYPR

npm · Malicious package advisory

Malware

gpt-sdk

MAL-2026-5612

Malicious code in gpt-sdk (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c)
On `npm install`, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of /etc/hosts (non-loopback entries, often internal domain controllers and service mappings on corporate machines), Windows Active Directory variables (USERDNSDOMAIN, USERDOMAIN, LOGONSERVER), USERNAME, USERPROFILE, OneDrive folder name (frequently contains the company name), VPN client signals, the configured npm registry URL, and CI repository identifiers (GITHUB_REPOSITORY, CIRCLE_*, CI_PROJECT_PATH, BITBUCKET_REPO_FULL_NAME, BUILD_REPOSITORY_URI, TRAVIS_REPO_SLUG, JENKINS_URL, CI_SERVER_URL). The collected fields are concatenated into a query string and sent via plaintext HTTP GET to http://46.224.67.169:3000/ping. The package's main module is empty (`module.exports = {}`), so the postinstall beacon is the package's only effect, and the README falsely claims `No data is collected.` This is a classic supply-chain reconnaissance/targeting payload designed to map corporate networks, internal AD topology, and CI/CD environments of installers.

Compromised versions (9)

  • 0.2.1
  • 0.1.2
  • 0.2.0
  • 0.1.0
  • 0.2.4
  • 0.1.1
  • 0.2.2
  • 0.2.3
  • 0.1.3

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.