Five packages (camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils) were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated version number causes npm to prefer the public malicious package over any internally hosted version of the same name. All five packages carry an identical payload designed to exfiltrate credentials from Cloudflare Workers projects that use Upstash Redis and HMAC signing keys.
On installation, the preinstall script executes index.js, which collects the hostname, platform, working directory, and any environment variables whose names match patterns for API keys, tokens, secrets, HMAC signing keys, Upstash/Redis credentials, Vercel and Cloudflare environment bindings, and database connection strings. It also reads and exfiltrates .env, .env.production, .env.local, wrangler.toml, wrangler.json, and wrangler.jsonc files from the working directory and its parents. All collected data is sent via HTTP POST to the C2 server at http://82.221.101.203:9999/exfil.
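The three indicators above (an internal package name resolved from the public registry, an implausibly high version, and an install-time lifecycle script) can all be read straight out of a project's package-lock.json. The following audit script is an added example, not part of the advisory or of Camelot Labs' tooling; it assumes the npm lockfile v2/v3 `packages` layout with its `resolved` and `hasInstallScript` fields, a constructed list of internal package names that mirrors the ones in the advisory, and a constructed sample lockfile. The version threshold is a heuristic, not something the advisory states.

```python
"""Audit a package-lock.json for dependency-confusion indicators (added example)."""
import json

# Names the organisation publishes only to its private registry.
# Constructed list mirroring the package names named in the advisory.
INTERNAL_PACKAGES = {
    "camelotlabs-sdk", "camelotlabs-core", "camelotlabs-config",
    "camelotlabs-worker", "camelotlabs-utils",
}
PUBLIC_REGISTRY = "https://registry.npmjs.org/"
# Heuristic threshold (assumption): nothing this project depends on is near this major.
SUSPICIOUS_MAJOR = 90

# Constructed sample lockfile: one squatted internal name pulled from the public
# registry at 99.0.0 with an install hook, one benign public package, and one
# internal package correctly resolved from a (hypothetical) private registry.
SAMPLE_LOCKFILE = {
    "name": "worker-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "worker-app",
             "dependencies": {"camelotlabs-sdk": "*", "lodash": "^4.17.21"}},
        "node_modules/camelotlabs-sdk": {
            "version": "99.0.0",
            "resolved": "https://registry.npmjs.org/camelotlabs-sdk/-/camelotlabs-sdk-99.0.0.tgz",
            "hasInstallScript": True,
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
        "node_modules/camelotlabs-utils": {
            "version": "1.4.2",
            "resolved": "https://npm.internal.example/camelotlabs-utils/-/camelotlabs-utils-1.4.2.tgz",
        },
    },
}


def _major(version):
    """Leading numeric component of a semver string, or -1 if unparsable."""
    head = version.split(".", 1)[0]
    return int(head) if head.isdigit() else -1


def audit(lockfile):
    """Return one finding dict per (package, reason) worth a human's attention."""
    findings = []
    for path, entry in lockfile.get("packages", {}).items():
        if path == "":
            continue  # the root project entry, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        version = entry.get("version", "")
        resolved = entry.get("resolved", "")
        from_public = resolved.startswith(PUBLIC_REGISTRY)

        def flag(reason, name=name, version=version):
            findings.append({"package": name, "version": version, "reason": reason})

        # Core dependency-confusion signal: a private name served by the public registry.
        if name in INTERNAL_PACKAGES and from_public:
            flag("internal name resolved from public registry")
        # The inflated version is what makes npm prefer the public copy.
        if _major(version) >= SUSPICIOUS_MAJOR:
            flag("implausibly high version")
        # npm records hasInstallScript when a package declares pre/post/install hooks;
        # in the advisory the preinstall hook is what launched the payload.
        if entry.get("hasInstallScript"):
            flag("install script present")
    return findings


def audit_file(path):
    with open(path, encoding="utf-8") as fh:
        return audit(json.load(fh))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOCKFILE):
        print(f"{f['package']}@{f['version']}: {f['reason']}")
```

Run it against a real lockfile with `audit_file("package-lock.json")`. Note that unscoped names like these cannot be pinned to a registry per package in .npmrc (only `@scope:registry=` lines exist), which is why the long-term fix is to publish internal packages under a registered scope or to front all installs with a private registry that never proxies internal names to npmjs.org.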