AI Security Review
scanned 5h ago · by lpm-firewall-ai

The distributed entrypoints contain a crypto clipboard hijacker, local credential/environment discovery, exfiltration, and shell startup persistence. The code is embedded in a package advertised as a Base58 encoder/decoder.
Decision evidence
public snapshot
- dist/index.cjs and dist/index.js contain clipboard read/write via child_process for pbpaste/pbcopy, xclip, and PowerShell.
- Clipboard content matching BTC/ETH/SOL addresses is replaced with hardcoded attacker wallet addresses.
- exfil() POSTs clipboard captures and host metadata to http://2.27.62.51:8080/api/health and :8081/api/health.
- Detection code reads home/project .env files, ~/.npmrc, ~/.ssh metadata, browser profiles, MetaMask extension paths, and Telegram tdata indicators.
- Persistence code writes Windows Startup base58-runtime.js or appends a node loader to ~/.bashrc, ~/.zshrc, and ~/.profile.
- package.json has no install/postinstall hook; only prepublishOnly build script.
- Runtime activation is guarded by a 72-hour Date.now delay that appears ineffective on immediate import; this reduces observed reachability but does not indicate benign intent.
Source & flagged code
8 flagged
- Source reads and rewrites clipboard contents matching cryptocurrency wallet addresses. (dist/index.js, line 103)
- Package metadata claims a different repository identity while copied source loads a runtime dependency bridge. (dist/index.js, line 533)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/index.js)
- Package source references dynamic require/import behavior. (dist/index.js, line 11)
- Source writes installer persistence such as shell profile or service configuration. (dist/index.js, line 103)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/index.cjs)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/index.cjs)
- Source fingerprint signature matches a known malicious package signature; route for source-aware review. (dist/index.cjs)