MAL-2026-2202
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@emilgroup/commission-sdk/MAL-2026-2202.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-2202
- Published
- 2026-03-26T00:33:27Z
- Modified
- 2026-03-31T03:23:10.088178Z
- Summary
- Malicious code in @emilgroup/commission-sdk (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (88cda98ba417752b6bf4aef7eb0ecf7410017226165423202ca4d5886f370478)
The package @emilgroup/commission-sdk was found to contain malicious code.
Source: google-open-source-security (0747507ecb5327b6cd870cff26e8ef8ed455330e757b920c725988c9d36b7b7d)
This package was compromised by the CanisterWorm campaign by the TeamPCP threat actor. The malicious payload establishes persistence as user systemd service and places a backdoor on the infected host. The malware will also harvest npm credentials and can autonomously spread.
- Database specific
{ "iocs": { "domains": [ "litellm.cloud" ], "urls": [ "https://tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io/" ] }, "malicious-packages-origins": [ { "sha256": "0747507ecb5327b6cd870cff26e8ef8ed455330e757b920c725988c9d36b7b7d", "import_time": "2026-03-26T00:34:45.421057Z", "modified_time": "2026-03-26T00:33:27Z", "versions": [ "1.0.1", "1.0.2", "1.0.3" ], "source": "google-open-source-security" }, { "sha256": "88cda98ba417752b6bf4aef7eb0ecf7410017226165423202ca4d5886f370478", "import_time": "2026-03-31T03:10:12.476257277Z", "modified_time": "2026-03-31T02:07:58Z", "versions": [ "1.0.1", "1.0.2", "1.0.3" ], "source": "amazon-inspector" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / @emilgroup/commission-sdk
Package
- Name
- @emilgroup/commission-sdk
- View open source insights on deps.dev
- Purl
- pkg:npm/%40emilgroup/commission-sdk