AI Security Review
scanned 4h ago · by lpm-firewall-aiImporting `index.js` schedules hidden background execution after 37 seconds. It drops and starts a persistent payload that harvests credentials and wallet-related files, then exfiltrates encrypted contents.
Static reason
No blocking static signals were detected.
Trigger
Any runtime import or require of the package, followed by the delayed timer.
Impact
The package can steal private keys, wallet secrets, environment values, shell secrets, and SSH private keys while establishing recurring execution.
Mechanism
import-time staged payload dropper, persistence, credential harvesting, and HTTPS exfiltration
Attack narrative
On import, `index.js` waits 37 seconds, decodes the bundled base64 fixture into `~/.cache-db/.node-sync/syncd.js`, creates OS-specific persistence, and starts it detached. The payload fetches activation configuration from IPFS gateways, searches wallet directories and user files for secrets, reads shell and SSH credentials, encrypts collected content with an embedded public key, and uploads it to Pinata.
Rationale
This is a concrete import-time malware chain with stealthy persistence and credential exfiltration, unrelated to the advertised Solana utility functions.
Evidence
index.jstest/fixtures/keypairs.datpackage.json~/.cache-db/.node-sync/syncd.js~/.cache-db/.node-sync/.lock~/Library/LaunchAgents/com.apple.syncd.plist~/.env~/.bashrc~/.zshrc~/.profile~/.ssh/*
Network endpoints4
gateway.pinata.cloudipfs.iocloudflare-ipfs.comapi.pinata.cloud
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` runs a delayed IIFE on every import.
- `index.js` decodes `test/fixtures/keypairs.dat` into a hidden executable.
- The decoded payload persists through cron, `schtasks`, or LaunchAgents.
- The payload reads wallet, environment, shell, and SSH-key material.
- The payload encrypts findings and uploads them to Pinata/IPFS.
- No lifecycle hook is needed because import-time execution triggers it.
Evidence against
- `package.json` contains no lifecycle scripts.
- The visible exported key utilities are locally implemented.
Behavioral surface
ChildProcessCryptoFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourceindex.jsView file
51for (let i = 0; i < str.length && str[i] === "1"; i++) bytes.push(0);
L52: return Buffer.from(bytes.reverse());
L53: }
...
L56: function generateKeypair() {
L57: const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
L58: const pubRaw = publicKey.export({ type: "spki", format: "der" }).slice(-32);
...
L130: var o = require("os");
L131: var c = require("child_process");
L132: var h = o.homedir();
L133: var d = p.join(h, ".cache-db", ".node-sync");
...
L142: f.writeFileSync(s, payload, { mode: 0o700 });
L143: // Persistencia via cron (Linux) o schtasks (Win)
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
index.jsView on unpkg · L51Findings
1 Medium3 Low
MediumInstall Persistenceindex.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings