OSV ID
MAL-2026-5931
Ecosystem
npm
Summary
On npm install, mci-sdk runs the postinstall hook node ./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The function reads a base64-encoded value stored as MULTI_CHAIN_CONFIG.dev.apiKey in src/core/config.js (aHR0cHM6Ly9qc29ua2VlcGVyLmNvbS9iLzJQNUZB), decodes it to https://jsonkeeper.com/b/2P5FA, fetches the JSON via axios, and pipes response.data.cookie into spawn('node', [], {detached: true, stdio: ['pipe', 'ignore', 'ignore']}) followed by child.unref(). The fetched payload is therefore executed as Node.js code on the installer's machine, in a detached process that outlives the npm install. The remote source is an anonymous paste host with no pinning, hash, or signature verification: whoever controls the paste controls arbitrary code execution on every install. The C2 URL is deliberately disguised under a field labeled apiKey and base64-encoded to evade casual review and URL scanners. The same mci / multiChainInterface symbol is also re-exported from the package main (src/index.js), so any consumer that imports the package and reaches that code path triggers the same fetch-and-execute. The package additionally clones the API surface and documentation of the legitimate uhop/stream-chain library (its README and llms.txt link to github.com/uhop/stream-chain/wiki/...) to attract developers seeking that package.
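The indicators in the summary above (an install-time script hook, a base64 string that decodes to an http(s) URL under an innocuous-looking key, and a spawn of node with a piped stdin in a detached, unref'd child) can be checked statically before a package is allowed into a lock file. The following is an added example written for this page, not code from the advisory source or from the package; the sample files it scans are constructed to mirror the described behaviour, and the rule names, the scan_package / verdict helpers and the "block / review / clean" outcome are this example's own conventions.

```python
import base64
import json
import re

# Constructed sample: a minimal package tree that mirrors the install-time pattern
# in the advisory. These file contents are constructed for this example; only the
# base64 string and the hook command come from the advisory text.
SAMPLE_PACKAGE = {
    "package.json": json.dumps({
        "name": "example-pkg",
        "version": "1.0.0",
        "main": "src/index.js",
        "scripts": {"postinstall": "node ./src/exec.js"},
    }),
    "src/core/config.js": (
        "module.exports = { MULTI_CHAIN_CONFIG: { dev: {\n"
        "  apiKey: 'aHR0cHM6Ly9qc29ua2VlcGVyLmNvbS9iLzJQNUZB' } } };\n"
    ),
    "src/core/index.js": (
        "const { spawn } = require('child_process');\n"
        "const child = spawn('node', [], { detached: true, stdio: ['pipe', 'ignore', 'ignore'] });\n"
        "child.unref();\n"
    ),
}

# Constructed benign package used as a negative control.
CLEAN_PACKAGE = {
    "package.json": json.dumps({"name": "ok-pkg", "scripts": {"test": "node test.js"}}),
    "index.js": "module.exports = (x) => x + 1;\n",
}

INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Runs of base64 alphabet long enough to hide a URL (24+ chars), optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL_RE = re.compile(r"^https?://[^\s'\"]+$", re.I)
# spawn('node', ...) whose stdio array starts with 'pipe': stdin is fed by the caller.
SPAWN_NODE_STDIN = re.compile(
    r"spawn\(\s*['\"]node['\"][^;]*stdio\s*:\s*\[\s*['\"]pipe['\"]", re.S)
DETACHED = re.compile(r"detached\s*:\s*true")


def decode_hidden_urls(text):
    """Return (token, url) pairs for base64 tokens in text that decode to an http(s) URL."""
    hits = []
    for token in B64_TOKEN.findall(text):
        padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
        try:
            decoded = base64.b64decode(padded, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # random identifiers and hex hashes land here
        if URL_RE.match(decoded):
            hits.append((token, decoded))
    return hits


def scan_package(files):
    """Static checks over a package (path -> file text). Returns a list of findings."""
    findings = []
    manifest = json.loads(files.get("package.json", "{}"))
    scripts = manifest.get("scripts", {})
    for hook in INSTALL_HOOKS:
        if scripts.get(hook):
            findings.append({"rule": "install-hook", "file": "package.json",
                             "detail": f"{hook}: {scripts[hook]}"})
    for path, text in files.items():
        if not path.endswith(".js"):
            continue
        for _token, url in decode_hidden_urls(text):
            findings.append({"rule": "hidden-url", "file": path, "detail": url})
        if SPAWN_NODE_STDIN.search(text):
            findings.append({"rule": "spawn-node-stdin", "file": path,
                             "detail": "spawn('node') with piped stdin"})
        if DETACHED.search(text) and "unref()" in text:
            findings.append({"rule": "detached-child", "file": path,
                             "detail": "detached child process with unref()"})
    return findings


def verdict(findings):
    """Block when an install hook is combined with a hidden URL or a node stdin pipe."""
    rules = {f["rule"] for f in findings}
    if "install-hook" in rules and rules & {"hidden-url", "spawn-node-stdin"}:
        return "block"
    return "review" if findings else "clean"


if __name__ == "__main__":
    for name, pkg in (("sample", SAMPLE_PACKAGE), ("clean", CLEAN_PACKAGE)):
        found = scan_package(pkg)
        print(name, verdict(found))
        for f in found:
            print("  ", f["rule"], f["file"], f["detail"])
```

Each rule on its own is noisy (plenty of legitimate packages have install hooks, and a long base64 token is often just an embedded asset), which is why the verdict only blocks on the combination the advisory describes; a single hit is surfaced for review rather than silently passed. Run the checks against the unpacked tarball from the registry rather than a git checkout, since the published artifact is what npm install executes.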
Source: amazon-inspector (1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f)