registry  /  ecto-flag-read-m7p2  /  1.0.0

ecto-flag-read-m7p2@1.0.0

OSV Malicious Advisory

scanned 2h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-5687 confirms this npm version as malicious. The package's postinstall.js imports child_process and references HTTP GET calls and hostname lookups during the install lifecycle. The co-occurrence of these primitives in an install-time script is a known shape for both legitimate behavior (CTF/flag-read demos, hostname reporting, telemetry) and exfiltration/dropper attacks, but the available evidence does not show the destination URL, the data being sent, or...

Advisory
MAL-2026-5687
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in ecto-flag-read-m7p2 (npm)
Details
The package's postinstall.js imports child_process and references HTTP GET calls and hostname lookups during the install lifecycle. The co-occurrence of these primitives in an install-time script is a known shape for both legitimate behavior (CTF/flag-read demos, hostname reporting, telemetry) and exfiltration/dropper attacks, but the available evidence does not show the destination URL, the data being sent, or whether fetched content is executed. The package name ("ecto-flag-read") and small file count are consistent with a CTF or test artifact rather than a recognized library, but intent cannot be confirmed from the current evidence alone. A human reviewer should inspect postinstall.js to determine whether it exfiltrates installer data or executes remote content before this version is allowed in production installs. ## Source: ghsa-malware (47c876fa0bc683b97fe06619068fb4b205e5813e95917d8cd6d9df7a732b1499) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Decision reason
OpenSSF Malicious Packages via OSV confirms ecto-flag-read-m7p2@1.0.0 as malicious (MAL-2026-5687): Malicious code in ecto-flag-read-m7p2 (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory