MAL-2026-6420
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/leo-cdk-lib/MAL-2026-6420.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6420
- Published
- 2026-06-24T23:04:55Z
- Modified
- 2026-06-25T08:01:28.976100947Z
- Summary
- Malicious code in leo-cdk-lib (npm)
- Details
-
The
leo-cdk-libnpm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm accountczirkerbelonging to the LeoPlatform organization.The malicious payload is triggered automatically during
npm installvia abinding.gypfile using node-gyp command expansion (<!(node index.js > /dev/null 2>&1 && echo stub.c)), which bypasses lifecycle script scanners. The replacedindex.js(~5.2 MB, obfuscated with ROT-N + AES-128-GCM encryption) deploys a multi-stage worm with the following capabilities:- Credential theft: Targets npm, GitHub, PyPI, RubyGems, Kubernetes, HashiCorp Vault, AWS (IAM keys, Secrets Manager, IMDS), 1Password, JFrog Artifactory, and SSH keys.
- AI tool targeting: Exfiltrates configuration files for Claude, Cursor, Gemini, and VS Code.
- Worm propagation: Enumerates npm packages and auto-publishes version bumps to spread to other maintainers in the ecosystem.
- GitHub persistence: Creates orphan
snapshot-<hex>branches with fake "Dependabot Updates" workflows to maintain access after initial compromise.
Any system that installed this version should be considered fully compromised. Rotate all secrets immediately from a separate, clean machine. See the linked SafeDep report for full payload analysis, indicators of compromise, and remediation guidance.
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (0c00b5f0c306cb1af4497ed1726f1889b62a9b20d64de1dceb3181fbd7ca263b)
The package ships a binding.gyp at the root that contains GYP command-expansion syntax (npm install, functionally equivalent to a lifecycle hook. The package does not ship corresponding native source files (.c/.cc/.cpp/.h) that would justify a real node-gyp build, indicating the binding.gyp's purpose is to run the embedded command rather than to build a native addon.
- Database specific
{ "iocs": { "urls": [ "https://safedep.io/miasma-worm-hits-leoplatform-20-npm-packages/" ] }, "malicious-packages-origins": [ { "sha256": "0c00b5f0c306cb1af4497ed1726f1889b62a9b20d64de1dceb3181fbd7ca263b", "import_time": "2026-06-25T07:47:50.61785631Z", "source": "amazon-inspector", "modified_time": "2026-06-25T06:30:28Z", "versions": [ "0.0.2" ], "id": "IN-MAL-2026-007468" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
- SafeDep - FINDER
-
Affected packages
npm / leo-cdk-lib
Package
- Name
- leo-cdk-lib
- View open source insights on deps.dev
- Purl
- pkg:npm/leo-cdk-lib
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/leo-cdk-lib/MAL-2026-6420.json"
cwes
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
},
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
indicators
{
"evidence_files": [
{
"sha256": "32d1bc728d8e504952083a6adc488c309a401c7df4dc8f47b382ce32e4aebe21",
"tlsh": "48c08c3ca9380d1029d958285168d402a4b142a3494e2a81fade60284fa840b2898bad",
"path": "binding.gyp"
}
],
"package_integrity": [
{
"filename": "leo-cdk-lib-0.0.2.tgz",
"hashes": {
"sha1": "ef8bf6dd92cbc29ef8d23f3f0fa786ed20a856b1",
"sha512_sri": "sha512-/GYUgNuZuL7psrw6uPo6S9Af17dAqJGUECm37Eq//yi0w3uYCb55ciMrOD5dwTsq2kE8zlX7vJ9tF9qqfWGzyg=="
}
}
]
}