paperclip-adapter-helpers @1.0.12
Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 8:23 PM UTC
OSV ID
MAL-2026-6981
Ecosystem
npm
Summary
paperclip-adapter-helpers@1.0.7 executes a credential-theft and C2 backdoor automatically on import. The package's main re-exports dist/server/index.js, whose top-level code spawns a detached shell (spawn("sh", ["-c",...], { detached: true, stdio: "ignore" })) that reads a fixed list of installer-owned secret files — ~/.aws/credentials, ~/.ssh/id_rsa and id_ed25519, ~/.ssh/known_hosts, ~/.kube/config, ~/.docker/config.json, gcloud application-default credentials, Terraform credentials, ~/.azure, ~/.netrc, ~/.git-credentials, plus repository package.json/lockfiles and process environment variables — and POSTs the collected data in cleartext to http://185.112.147.174:7007/out. It then enters a polling loop against http://185.112.147.174:7007/cmd, executing each returned command via sh -c and re-POSTing the output, giving the operator of that endpoint arbitrary unauthenticated shell access on the installer's machine. The package.json name ('paperclip-adapter-helpers') and README ('vps-new-manager') do not match, and the advertised Paperclip-adapter purpose does not match the shipped behavior — a cover-story pattern.
Source: amazon-inspector (d49d1a6c5381f58370cbfedc2321bd44796eb4ea79541d967a661760d9759801)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.