MAL-2026-5475

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ipy-rev-proxy/MAL-2026-5475.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5475
Published
2026-06-09T20:21:12Z
Modified
2026-06-09T21:01:33.436059126Z
Summary
Malicious code in ipy-rev-proxy (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555)

On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to https://webhook.site/40b5f3e2-4072-4f2c-b259-0ecb531755d7. The same script then probes Google's internal SSO proxy at http://uberproxy.corp.google.com/procz and the GCE metadata endpoint http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token (with the required Metadata-Flavor: Google header) and forwards any 200 response — including GCE service-account tokens — plus hostname, id, and uname -a output to the same webhook. The package presents itself with a generic Jupyter description and the placeholder author 'IPython Development Team' but ships no functional code matching that description; the name and metadata are consistent with a dependency-confusion lure aimed at Google internal builds.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-06-09T20:21:12Z",
            "versions": [
                "9.3.1"
            ],
            "sha256": "591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555",
            "id": "IN-MAL-2026-005194",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:51.402034941Z"
        },
        {
            "modified_time": "2026-06-09T20:21:13Z",
            "versions": [
                "9.3.1"
            ],
            "sha256": "5b5e8b8bd7fa1b9720229e7ba23e00e08a5a843e209fc8525d58a05ea3e70321",
            "id": "IN-MAL-2026-005195",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:51.531074945Z"
        }
    ]
}
References
Credits

Affected packages

npm / ipy-rev-proxy

Package

Affected ranges

Affected versions

9.*
9.3.1

Database specific

indicators
{
    "domains": [
        "metadata.google.internal",
        "metadata.google.internal.ec2.internal",
        "webhook.site",
        "uberproxy.corp.google.com"
    ],
    "evidence_files": [
        {
            "sha256": "f2cfeab493efeb0f26cb827cf2550c3f57944b96382425bbe850707d0ed36957",
            "tlsh": "b451758ed5e4046111a7b67c9a2f560535a2e0131909fc94becc93664fac57d42f38ed",
            "path": "index.js"
        }
    ],
    "package_integrity": [
        {
            "filename": "ipy-rev-proxy-9.3.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-wnlN7xJBWm9f0Ncfbewz+YhdWQGsP7ibLBg9FK4wxxvegk8WHRxfBv1yGWZ5MoUNrRKdBmOp0F92RcPBDzbBsA==",
                "sha1": "9b9fc03ce8938ad55f323efb0c34eeef95815ac4"
            }
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ipy-rev-proxy/MAL-2026-5475.json"