MAL-2026-4525

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/claude-internal-utils/MAL-2026-4525.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4525
Published
2026-05-20T23:55:57Z
Modified
2026-05-26T06:02:21.217533684Z
Summary
Malicious code in claude-internal-utils (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (24a94a290c15f2b6cdaf351590455cd597bb2881f7bbcf1609fbfbd8031e491f)

Package name impersonates an internal Anthropic 'claude-*' namespace and the description field self-identifies as 'Alex Birsan Style' dependency-confusion bait. The package ships no library code; its only effect is a postinstall lifecycle hook that runs an inline node one-liner which fetches the installer's public IP from api.ipify.org, executes id || ver && whoami && hostname via child_process.exec, and POSTs hostname, cwd, USERDOMAIN/COMPANY env vars, public IP, package name, and the command output as JSON to a hardcoded attacker subdomain at lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun (an out-of-band interaction service commonly used for exfiltration). Fires automatically on npm install, before any consumer code runs.

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-003653",
            "versions": [
                "9.0.5"
            ],
            "sha256": "0907de4f4ae6bbfa72bdca010597aeac418f4c6c6e0af3c5516c3a5041171b55",
            "source": "amazon-inspector",
            "modified_time": "2026-05-20T23:55:58Z",
            "import_time": "2026-05-26T05:51:03.000265919Z"
        },
        {
            "id": "IN-MAL-2026-003652",
            "versions": [
                "9.0.5"
            ],
            "sha256": "24a94a290c15f2b6cdaf351590455cd597bb2881f7bbcf1609fbfbd8031e491f",
            "source": "amazon-inspector",
            "modified_time": "2026-05-20T23:55:57Z",
            "import_time": "2026-05-26T05:51:02.904736044Z"
        }
    ]
}
References
Credits

Affected packages

npm / claude-internal-utils

Package

Name
claude-internal-utils
Purl
pkg:npm/claude-internal-utils

Affected ranges

Affected versions

9.*
9.0.5

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/claude-internal-utils/MAL-2026-4525.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "path": "package.json",
            "sha256": "166f1e78f5f9fe79fe80e3a19f920599f6c24a7b295ad06de5771a9ee951e2df",
            "tlsh": "231135f19990eb75e3d157f87a17d405ed63e70b61108cb0a86c17814b841b0559bf9c"
        }
    ],
    "package_integrity": [
        {
            "filename": "claude-internal-utils-9.0.5.tgz",
            "hashes": {
                "sha512_sri": "sha512-fQLCcZl8UM/xyFAy9LemVh2Zq/z98d7scs4W3HWHh7VEryxFS8MhxlejJESkMRebLB1AsQhAh6Kn8B3WZUcueg==",
                "sha1": "3df62d23421424de8d48f5ff596f5a40fd18698e"
            }
        }
    ],
    "domains": [
        "lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun",
        "api.ipify.org"
    ]
}