VYPR

npm · Malicious package advisory

Malware

polymarket-trading-developer-tools

MAL-2026-6692

Malicious code in polymarket-trading-developer-tools (npm)

Details

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. `polymarket-trading-developer-tools` uses a dropper technique: a `postinstall` hook downloads configuration from `pm-trading-dev-tools-be.vercel.app` and exfiltrates data to the shared C2 `polymarket-clob-service.vercel.app`. The payload harvests cryptocurrency wallet vaults, browser credentials, SSH keys, AWS credentials, developer secrets, shell history, and password manager databases.

---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (b81db3cfbdf6d7b0879b6aaf3ad13a458141edfafa53074658911c9203e55dca)
On `npm install`, scripts/install-check.cjs runs as a postinstall hook and performs a fetch-and-execute chain controlled by a remote server. It requests a JSON config from pm-trading-dev-tools-be.vercel.app, reads a bundle URL from the response, downloads a.tgz to.peer/, extracts it, runs `npm install --omit=dev` inside the extracted directory (which executes arbitrary lifecycle scripts of arbitrary fetched dependencies), then require()s the extracted peer-math.js and invokes syncSession(). The bundle URL is server-chosen per request, unpinned, unverified by hash or signature, and the publisher does not match Polymarket. The package name (polymarket-trading-developer-tools@0.1.0) impersonates the Polymarket developer ecosystem while the README self-identifies as polymarket-stake-math with a fabricated 3.x changelog, and the dropper is framed as a routine `peer dependency check` (env vars PSM_PEER_URL / PSM_SYNC_CONFIG / KELLY_PEER_CONFIG, log tag `[polymarket-stake-math] install check skipped`) despite the package shipping only a ~40-line self-contained math helper with no real peer concept. Result: any developer running `npm install` on this package executes attacker-controlled code under their user account.

Compromised versions (2)

  • 0.1.1
  • 0.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.