MAL-2026-5359

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/swap-sdk-87/MAL-2026-5359.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-5359

Published

2026-06-09T07:55:40Z

Modified

2026-06-09T12:01:27.026791297Z

Summary

Malicious code in swap-sdk-87 (npm)

Details

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling (c960+). postinstall auto-execs, src/index.js harvests ~/.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 (not rotated). Inflated version.

Database specific

{
    "malicious-packages-origins": null
}

References

https://app.safedep.io/community/malysis/01KTN8W3SM74DRKZMHRSYQTJMS

Credits

- SafeDep - FINDER
- - https://safedep.io

Affected packages

npm / swap-sdk-87

Package

Name: swap-sdk-87; View open source insights on deps.dev
Purl: pkg:npm/swap-sdk-87

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/swap-sdk-87/MAL-2026-5359.json"