MAL-2026-10765

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/syft-acp-core/MAL-2026-10765.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10765
Published
2026-07-16T00:00:00Z
Modified
2026-07-17T04:34:27.193635498Z
Summary
Malicious code in syft-acp-core (npm)
Details

The syft-acp-core package was published to the npm registry by user 'ada8877' (maintainer email k3mlol@proton.me) as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention (an ACP component library) of a target organization, so that a misconfigured resolver installs this public lookalike instead of the intended private dependency.

The package declares a preinstall hook ("npm install @sentry/node && node examples/verify.js") that executes automatically at npm install time, before any application code runs. The bundled examples/verify.js initializes the @sentry/node client against a hardcoded, attacker-controlled Sentry DSN with sendDefaultPii enabled, resolves the installing host's public egress IP address by requesting Cloudflare's /cdn-cgi/trace endpoint (using a spoofed desktop-browser User-Agent to bypass bot challenges), then deliberately triggers a runtime exception and captures it. Flushing the event beacons the collected host telemetry (public IP plus Sentry default PII such as hostname, OS username and runtime/environment metadata) to the attacker's Sentry ingest endpoint at o4510485815754752.ingest.us.sentry.io.

Each impersonated namespace in the campaign beacons to a distinct Sentry project ID, letting the operator attribute successful installs to specific victim organizations — behaviour consistent with a dependency-confusion reconnaissance beacon rather than legitimate error monitoring. The install-time payload is byte-for-byte identical to the earlier 'click2ai' campaign, sharing the same Sentry organization (o4510485815754752) and a related ProtonMail maintainer identity, and differs only in the package name and target DSN. This package's beacon targets Sentry project 4511744089718784.

Database specific
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / syft-acp-core

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
iocs
{
    "urls": [
        "https://e82e1244d311e1f83fd57d89db4d62a3@o4510485815754752.ingest.us.sentry.io/4511744089718784"
    ],
    "domains": [
        "o4510485815754752.ingest.us.sentry.io"
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/syft-acp-core/MAL-2026-10765.json"