VYPR

npm · Malicious package advisory

Malware

pc-optimizer

MAL-2026-5653

Malicious code in pc-optimizer (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f046d16052b9121c55f2fd5e6eb2be90ce24e7b007efca3c2a9e7f64dab8f6bf)
The package's collect.js imports child_process, fs, http, https, and os, reads host identifiers via os.hostname() and os.homedir(), inspects local filesystem paths via fs.existsSync, and POSTs collected data to a hardcoded external endpoint at http://aab.sportsontheweb.net. The destination is not a registry, vendor SDK host, or documented service — it is an unrelated third-party domain bound to a POST in install/load-reachable code. The combination of system enumeration (hostname, homedir, child_process), filesystem inspection, and a hardcoded non-publisher exfiltration endpoint is the canonical host-information stealer fingerprint and provides direct attacker benefit (host fingerprinting + arbitrary collected data shipped off-host).

Compromised versions (3)

  • 1.0.1
  • 1.0.2
  • 1.0.9

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.