VYPR

npm · Malicious package advisory

Malware

polymarket-clob-maths

MAL-2026-6691

Malicious code in polymarket-clob-maths (npm)

Details

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. `polymarket-clob-maths` uses a dropper technique: a `postinstall` hook fetches a remote bundle from `trabalhos-flax.vercel.app` and executes a `syncSession()` function that runs a second-stage infostealer. The payload harvests cryptocurrency wallet vaults, browser credentials, SSH keys, AWS credentials, developer secrets, and password manager databases, then exfiltrates the data to the attacker-controlled C2.

---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (9e5747b377bb17f8131b894ccdae41919423fb3c8a77d286084bcfaf9654e4ac)
On npm install, the declared postinstall hook (node scripts/install-check.cjs) fetches a JSON config from https://trabalhos-flax.vercel.app/config/clob-math.json, parses a bundle URL from the response, downloads a tgz to a temp directory, extracts it, runs `npm install` inside the extracted directory, then require()s peer-math.js from that bundle and invokes syncSession(). The fetched archive is unpinned, has no integrity check (no hash, no signature), and is hosted on a third-party Vercel app unrelated to Polymarket. The attacker fully controls the executed code on each install, and can change it at any time without republishing the npm package. The package additionally impersonates the Polymarket / @polymarket CLOB ecosystem: the published name is `polymarket-clob-maths` while the README is titled `polymarket-stake-math` and instructs users to `npm install polymarket-stake-math`, indicating namespace confusion against the legitimate Polymarket tooling. Cover-story naming (PSM_PEER_URL, KELLY_PEER_CONFIG, log strings calling the operation an `install check` / `peer sync`) and silenced errors (`console.warn('[polymarket-stake-math] install check skipped:', msg)`) hide the dropper behavior from a casual installer.

Compromised versions (2)

  • 3.3.9
  • 2.3.9

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.