MAL-2026-7000

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pipo-sdk/MAL-2026-7000.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-7000
Published
2026-07-08T16:27:59Z
Modified
2026-07-08T17:16:48.942758287Z
Summary
Malicious code in pipo-sdk (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (259159c0505b819905dcaf53172d98a4fd590a9ae1a40f87d2be4c1a7fdc4065)

This package is a dependency-confusion payload published at an abnormally high version (9999.0.0) targeting an internal package name (pipo-sdk). The preinstall lifecycle hook runs node callback.js || true, which collects host identity — hostname, username, platform, and current working directory — via os.hostname(), os.userInfo(), and os.platform(), and transmits that data to pbnuwvwzmktaetcsjyyjlhncsf843r5a5.oast.fun by two channels: (a) a DNS resolution of a subdomain encoding the collected fields under the OAST domain, and (b) an HTTPS POST of a JSON body containing the same fields. Any host that runs npm install — for example, an internal build system whose resolver picks the public 9999.0.0 over a legitimate internal version — will silently beacon its identity to the third-party OAST endpoint. The bug-bounty / research framing in the package metadata does not change the installer-side behavior: unsolicited host-identity exfiltration fires on install regardless of consent, and the resolver-hijack version pin ensures the payload is preferred over legitimate internal artifacts.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "259159c0505b819905dcaf53172d98a4fd590a9ae1a40f87d2be4c1a7fdc4065",
            "id": "IN-MAL-2026-008122",
            "source": "amazon-inspector",
            "import_time": "2026-07-08T17:01:32.32667648Z",
            "modified_time": "2026-07-08T16:27:59Z",
            "versions": [
                "9999.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / pipo-sdk

Package

Affected ranges

Affected versions

9999.*
9999.0.0

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "pipo-sdk-9999.0.0.tgz",
            "hashes": {
                "sha1": "7e3049806c729d32cf2fae432cdd43c5deccb45b",
                "sha512_sri": "sha512-Jn18oxQgW9we+3Tvl0CmbGiyLaBNhc013Z/bTJTtC48ZcIRNVEGCDR0chpNHoiUbqpDYRjuJ5ek5Zjd61TL+yA=="
            }
        }
    ],
    "evidence_files": [
        {
            "path": "callback.js",
            "tlsh": "2f3185e021f5a2a00bf2adc331eb11241126d219bd12e5d5b9dc03881fc97b84272ffc",
            "sha256": "c5b39d3f2585bbb4df686867d46e661d0a4a11f11058e5fe27ca5d5cfc8844d8"
        },
        {
            "path": "package.json",
            "tlsh": "d8019e509d60883309f106d6447562007226ad2fec0efc0e73c6419cd7aeba6537d65e",
            "sha256": "c5374b01384a083736e684319cd256db556518ff92a60c8f0df2b83274eb3e6c"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pipo-sdk/MAL-2026-7000.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code"
    }
]