MAL-2026-5360

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/wallet-sdk-9/MAL-2026-5360.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-5360

Published

2026-06-09T07:55:37Z

Modified

2026-06-09T12:01:27.180080107Z

Summary

Malicious code in wallet-sdk-9 (npm)

Details

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling (c960+). postinstall auto-execs, src/index.js harvests ~/.ssh/idrsa+ided25519+Sol/Eth/BTC/Tron/Sui/Aptos wallets+.env+seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 (not rotated). Campaign now uses inflated version (3.7.73) not 1.0.0.

Database specific

{
    "malicious-packages-origins": null
}

References

https://app.safedep.io/community/malysis/01KTN73YY0MTFGD8C4TSDAPEMX

Credits

- SafeDep - FINDER
- - https://safedep.io

Affected packages

npm / wallet-sdk-9

Package

Name: wallet-sdk-9; View open source insights on deps.dev
Purl: pkg:npm/wallet-sdk-9

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/wallet-sdk-9/MAL-2026-5360.json"