MAL-2026-5805

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/flowcardano/MAL-2026-5805.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-5805

Aliases

GHSA-7wqh-42c8-vqcx

Published

2026-06-15T17:23:30Z

Modified

2026-06-17T00:31:44.579101300Z

Summary

Malicious code in flowcardano (npm)

Details

flow/surf-lending DeFi cred-exfil campaign sibling (c1655). Cardano-themed Sentinel-9.9.9 dependency-confusion squat. preinstall node index.js || true exfils env secrets (mnemonic/private-key/token/blockfrost) to raw C2 2.25.140.71:8443/surflending/npm-confusion (same C2 as flow-lending/surf-lending/flow-lending-sdk/bodega-sdk/flowdefi). Automated analysis timed out; classified by campaign attribution (verified identical siblings). No-renotify.

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (21379b9b1e9f6a64a18a806531d9f1bb22394694b092eb2b26b6b4d356bd5a4a)

On npm install, package.json's preinstall hook runs node index.js, which collects host identity (os.hostname(), os.userInfo().username, cwd) and scrapes process.env for any key matching the regex key|seed|secret|token|private|mnemonic|password|blockfrost|redis|telegram|batcher, then POSTs the resulting JSON to https://2.25.140.71:8443/surflending/npm-confusion (index.js lines 13-17). The destination is a bare IP rather than any publisher- or vendor-owned host, and the request path (/surflending/npm-confusion) self-describes the intent as a dependency-confusion exfiltration channel. The package name flowcardano impersonates Cardano-ecosystem tooling and is published at version 9.9.9, the canonical dependency-confusion bait version chosen to outrank legitimate internal packages in resolver order. Any developer or CI agent that installs this package leaks credential-shaped environment variables (wallet seeds/mnemonics, private keys, Blockfrost / Telegram / Redis tokens, generic API tokens and passwords) along with host identifiers to the attacker.

Source: ghsa-malware (becf0970b25d3fece917cf67cf2734c2109c5b8b900f2c63f8f78679b7f5eae9)

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "21379b9b1e9f6a64a18a806531d9f1bb22394694b092eb2b26b6b4d356bd5a4a",
            "source": "amazon-inspector",
            "modified_time": "2026-06-15T17:23:30Z",
            "id": "IN-MAL-2026-006601",
            "versions": [
                "9.9.9"
            ],
            "import_time": "2026-06-15T18:54:53.586591592Z"
        },
        {
            "sha256": "649a634e3752b14f92fe6c92e11681dc8d16ba04019196b1c10cdf5968d74607",
            "source": "amazon-inspector",
            "modified_time": "2026-06-15T17:23:31Z",
            "id": "IN-MAL-2026-006602",
            "versions": [
                "9.9.9"
            ],
            "import_time": "2026-06-15T18:54:53.687064357Z"
        },
        {
            "sha256": "becf0970b25d3fece917cf67cf2734c2109c5b8b900f2c63f8f78679b7f5eae9",
            "source": "ghsa-malware",
            "modified_time": "2026-06-16T00:36:20Z",
            "id": "GHSA-7wqh-42c8-vqcx",
            "ranges": [
                {
                    "type": "SEMVER",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2026-06-16T01:31:34.710369286Z"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - inspector-research@amazon.com
- SafeDep - FINDER
- - https://safedep.io

Affected packages

npm / flowcardano

Package

Name: flowcardano; View open source insights on deps.dev
Purl: pkg:npm/flowcardano

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.9.9

Database specific

cwes

[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/flowcardano/MAL-2026-5805.json"

indicators

{
    "evidence_files": [
        {
            "sha256": "8936519f32d19d50089d55b700528b0a3149a27b8df271f19547c396948a8bdc",
            "tlsh": "a50165f061f094a85a72e684b056a1065163d013fd0bbc60f19401602fcd63c54b3cd6",
            "path": "index.js"
        },
        {
            "sha256": "fb930410a109e8c5d54160d7c38d1fdb90a5074062066e791c69523365b0d7a9",
            "tlsh": "b4c09b659f12f635171d06e6edb7ed88d1e102309098854454f3007595f1bff85de10f",
            "path": "package.json"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-Eas+N5y/WKXqHXlK/YwbFMbbIbikITpyI/9rvz3oISxmrexu5ESaEXNX0FPSFwL0SksWT9ebPhGSWGZlrPpNxA==",
                "sha1": "1c935e219a9e3c5f5986865afff4e62daad90455"
            },
            "filename": "flowcardano-9.9.9.tgz"
        }
    ],
    "ips": [
        "2.25.140.71"
    ]
}