npm · Malicious package advisory
Malwarecryptodao-bot
MAL-2026-5974
Malicious code in cryptodao-bot (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (cecefbb2ee777ab552f12fef0eab9af65f0a6c79f8a75a90f3df495a6746ec4a) On `npm install`, the package's `postinstall` hook executes `recon.js`, which harvests installer-side data and POSTs it to attacker-controlled endpoints. Specifically, recon.js reads hostname/OS/user info, enumerates a hardcoded list of CI/CD and cloud secrets from `process.env` (including AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, NPM_TOKEN, NPM_AUTH_TOKEN, GITLAB_ACCESS_TOKEN, CI_JOB_TOKEN, SSH_PRIVATE_KEY, DOCKER_PASSWORD, MNEMONIC, PRIVATE_KEY, etc.), and bulk-reads `.env` / `.env.production` files in the repo as well as `/root/.env` and `/app/.env`, filtering lines matching `KEY|SECRET|TOKEN|PASS|PRIVATE|MNEMONIC`. The collected JSON payload is sent over HTTPS with `rejectUnauthorized: false` to `https://webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd` and `https://enqoojbegdvxj.x.pipedream.net/`. The package is published at version `99.99.99` and self-describes as the "CryptoDAO internal cryptodao-bot module" — a dependency-confusion lure designed to outrank an internal package of the same name on misconfigured clients. Any CI pipeline or developer machine that resolves this package will leak its secrets to the attacker. ## Source: ossf-package-analysis (a4969627a50559890d4c7c49f0f7bc687bd89f03124afb633030ab3247c1ff5c) The OpenSSF Package Analysis project identified 'cryptodao-bot' @ 99.99.99 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (1)
- 99.99.99
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.