npm · Malicious package advisory
Malwarelc-chatbot
MAL-2026-6559
Malicious code in lc-chatbot (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (81ca324fdc9c4ba5536abcd43972f1a506f4af99ace29447b66a17947b1b8606) package.json declares both preinstall and postinstall scripts that run `node callback.js`, so the callback fires automatically on `npm install` with no user interaction. callback.js collects identifying data from the installer's machine — os.hostname(), os.userInfo().username, process.cwd(), the consuming package name@version, and process.platform/arch — and transmits it to two attacker-controlled collectors: (1) a DNS lookup whose label is the hex-encoded hostname under a canarytokens.com subdomain, and (2) an HTTPS GET to https://eolxuw8fddeyjj8.m.pipedream.net carrying the collected fields as query parameters. The callback wraps all I/O in try/catch and forces process.exitCode=0, so the install completes silently even if the network call fails, hiding the beacon from the installer. The package self-describes as a dependency-confusion proof-of-concept, but the behavior is genuine install-time exfiltration of installer-identifying data and harms any machine that runs `npm install`. ## Source: ossf-package-analysis (10b9ccdaec6709f86d79c1dec1b8fbfa87926dedbdc1e2355979308e7c516f3e) The OpenSSF Package Analysis project identified 'lc-chatbot' @ 0.9.0-rc.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (1)
- 0.9.0-rc.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.