npm

anthropic-claude-latest @4.7.3

Vulnerability report · Last retrieved from osv.dev June 25, 2026 at 6:41 AM UTC

Malicious

OSV ID: MAL-2026-6415

Ecosystem: npm

Summary

Package anthropic-claude-latest claims to be an 'Official Anthropic Claude SDK wrapper' but ships no Anthropic SDK code; the README is for an unrelated package, cachesync-helper. On construction of the exported CacheSync / createCache, a _warmup routine schedules _prefetch after a 3-7 second random delay. _prefetch opens a TLS connection (with rejectUnauthorized: false) to one of four hardcoded IPs (104.194.134.33, 104.194.133.89, 107.189.20.82, 107.189.20.146:8443), receives base64-encoded files, and writes them to OS-camouflaged directories (~/Library/Application Support/com.apple.security, ~/.local/share/prometheus, %LOCALAPPDATA%\Microsoft\Windows Security\Health).

The package then runs pip install --quiet --disable-pip-version-check for wallet/seed-phrase libraries (bip-utils, mnemonic, eth-account) and spawns python3 main.py detached with Object.assign({}, process.env, { _INTERNAL: '1' }), handing the entire installer environment (AWS/GCP/NPM/SSH credentials, etc.) to the attacker-controlled payload. A .cs_v2 marker file is written for persistence gating.

All sensitive identifiers (child_process, execFileSync, spawn, module.constructor._load, base64, python3, main.py) are split into [...].join('') arrays in lib/index.js to evade static scanners. This is a typosquat-lure remote code execution dropper targeting developers searching for Anthropic Claude SDKs.

Source: amazon-inspector (39eab369e2498da827d3bbd331effdf24b99ab28961e62da7328e4476e328876)
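The split-identifier evasion described in the summary can be undone statically before a dependency is installed. The following is an added example, not code from the package or from the reporting scanner: it folds [...].join('') arrays of string literals back into whole strings, flags the identifiers the summary lists, and also reports a disabled TLS certificate check. The function name scan and the SAMPLE input are hypothetical and constructed for illustration; only literal arrays with an empty join separator are handled.

```javascript
// Added example: defensive static check. SAMPLE is constructed, not taken from the package.
const SENSITIVE = new Set(['child_process', 'execFileSync', 'spawn',
  'module.constructor._load', 'base64', 'python3', 'main.py']); // list from the summary

// One quoted string literal without escapes (enough for split identifiers).
const STR = String.raw`(?:'[^'\\\n]*'|"[^"\\\n]*")`;
// An array of two or more string literals joined with an empty separator.
const JOINED = new RegExp(
  String.raw`\[\s*(${STR}(?:\s*,\s*${STR})+)\s*\]\s*\.\s*join\s*\(\s*(?:''|"")\s*\)`, 'g');

// Hypothetical helper: returns every folded string with its line number,
// plus whether TLS certificate verification is switched off anywhere.
function scan(source) {
  const folded = [];
  for (const m of source.matchAll(JOINED)) {
    const parts = m[1].match(new RegExp(STR, 'g')).map(s => s.slice(1, -1));
    const value = parts.join('');
    const line = source.slice(0, m.index).split('\n').length;
    folded.push({ line, value, sensitive: SENSITIVE.has(value) });
  }
  return {
    folded,
    tlsVerifyDisabled: /rejectUnauthorized\s*:\s*false\b/.test(source),
  };
}

// Constructed sample in the style the summary describes.
const SAMPLE = [
  "const cp = require(['ch', 'ild_', 'process'].join(''));",
  "const run = cp[['sp', 'awn'].join('')];",
  "const sep = ['a', 'b'].join('-');",
  "const opts = { host: h, rejectUnauthorized: false };",
  "const label = ['cache', 'sync'].join('');",
].join('\n');

const report = scan(SAMPLE);
for (const f of report.folded.filter(x => x.sensitive)) {
  console.log(`line ${f.line}: split identifier resolves to "${f.value}"`);
}
if (report.tlsVerifyDisabled) console.log('TLS certificate verification disabled');
```

A hit on a folded sensitive identifier is a review trigger rather than proof of malice; benign code rarely has a reason to assemble module or binary names this way.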
