npm · Malicious package advisory
Malwaresypoi1
MAL-2026-6405
Malicious code in sypoi1 (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (b22a9450e70ba1095097d2779ad6da01c111c37e940d890fbfc21d1aeb6a0f11) On require, index.js silently bootstraps a full Python runtime on the installer's machine — first via `winget install -e --id Python.Python.3.12 --silent`, falling back to downloading `python-3.12.3-amd64.exe` from python.org and executing it with `/quiet InstallAllUsers=0 PrependPath=1` — then silently `pip install`s pyautogui, keyboard, mss, pillow, pyperclip, and uiautomation. It then spawns pointer.py, which installs system-wide hotkeys (Ctrl+C, Alt+S, F8/F9/F10, Alt+M, Ctrl+Q), creates a topmost transparent always-on-top Tk window using `overrideredirect(True)` to hide from the user, continuously monitors clipboard contents, and on hotkeys captures full-monitor screenshots and on-screen text via UI Automation. Captured clipboard text and base64-encoded screenshots are POSTed to a hardcoded destination at `https://iq-overlay-pointer.vercel.app/api`. The agent also exposes a `mash_callback` mode that hooks `keyboard.on_press` with `suppress=True` and substitutes attacker-supplied characters via `pyautogui.write(char)`, injecting keystrokes into whatever window is focused. The package's declared purpose — "System binary configuration tool" by author "SysDev" with keywords system/binary/util/config — does not match any of this behavior; the metadata is a cover story for a screen/clipboard surveillance and remote-keystroke-injection agent. ## Source: ghsa-malware (8f75d2bf0f1e5af3bf0af9183ea1f44474eb92ce5349b75aaefa4a4b3aa2b3f6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Compromised versions (3)
- 1.0.0
- 1.0.1
- 1.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.