MAL-2026-5355

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ethereum-kit-1/MAL-2026-5355.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5355
Published
2026-06-09T07:55:22Z
Modified
2026-07-09T23:02:00.892211158Z
Summary
Malicious code in ethereum-kit-1 (npm)
Details

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling (c960/c961). postinstall scripts/postinstall.js auto-execs, src/index.js harvests ~/.ssh/id_rsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 (not rotated). Generic-crypto-name + numeric suffix + 1.0.0 pattern.


-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (ae3b331ae41142aa7284b8c008e95ae1e650907c9d182043fb3d82f28fc19543)

The package was found to contain malicious code or consuming dependency that contains malicious code

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "ae3b331ae41142aa7284b8c008e95ae1e650907c9d182043fb3d82f28fc19543",
            "id": "IN-MAL-2026-009509",
            "import_time": "2026-07-09T22:56:29.489321309Z",
            "modified_time": "2026-07-09T22:05:51Z",
            "versions": [
                "1.0.0"
            ],
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / ethereum-kit-1

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.0

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "ethereum-kit-1-1.0.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-ttsmZ3AxQ+qUIelZsCsrDmcXEoHyQ5dORTaQ2F3Ph0M4tAomef+uYD6JAlUhxv4jeAFr6EU4ZsYOGD+eObnr5Q==",
                "sha1": "c30a7ced2189ca5a0d5bd6d4857f7759f1ff9ae5"
            }
        }
    ]
}
cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ethereum-kit-1/MAL-2026-5355.json"