metemask-sdk @1.2.1
Vulnerability report · Last retrieved from osv.dev July 12, 2026 at 3:37 PM UTC
OSV ID
MAL-2026-10197
Ecosystem
pypi
Summary
During import, the code downloads and executes a remote script. The script collects sensitive files, including cryptocurrency wallet private keys and seeds, SSH keys, dotenv files and uploads them to IPFS. After that, it communicates with C2 and awaits further commands to execute. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-metemask-sdk Reasons (based on the campaign): - files-exfiltration - typosquatting - exfiltration-ssh-keys - crypto-related - Downloads and executes a remote malicious script. - exfiltration-crypto - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - uses:ipfs
Source: kam193 (0f59169bc0b142713f95865c41501f7eade6b73d1aea633262e40d514e6b6546)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.