MAL-2026-5353

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/crypto-utils-7/MAL-2026-5353.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5353
Published
2026-06-09T07:55:28Z
Modified
2026-06-09T12:01:27.902483648Z
Summary
Malicious code in crypto-utils-7 (npm)
Details

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling (c960/c961). postinstall scripts/postinstall.js auto-execs, src/index.js harvests ~/.ssh/id_rsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 (not rotated). Generic-crypto-name + numeric suffix + 1.0.0 pattern.

Database specific
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / crypto-utils-7

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/crypto-utils-7/MAL-2026-5353.json"