smb-portal-uikit @18.1.1
Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 3:50 AM UTC
OSV ID
MAL-2026-10616
Ecosystem
npm
Summary
Package smb-portal-uikit@18.1.1 declares a preinstall lifecycle hook that runs node index.js . On npm install , index.js invokes child_process.exec on whoami and id , reads os.hostname(), os.userInfo(), process.platform, and process.cwd(), and POSTs the collected host reconnaissance to a hardcoded attacker-controlled endpoint at https://a2dmzqok5w5seb3fac3w4kvcz35utohd.oastify.com (an oastify.com subdomain, a Burp Collaborator out-of-band interaction host commonly used as an exfiltration/beacon sink). The package ships no legitimate UI-toolkit functionality consistent with its name; the entire install-time behavior is reconnaissance and exfiltration.
Source: amazon-inspector (395b88ae26544dcfdfca9d46294e1f0558c2e5bade88bac0eb0797d1140debbe)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.