mal-2026-6132
Vulnerability from ossf_malicious_packages
Published
2026-06-18 15:56
Modified
2026-06-18 17:10
Summary
Malicious code in metavu (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (fc05e6833390f96b1a53f5d1612e613436e5002673da2f7a8c1e8e9f9f41c525)

package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects hostname, platform, architecture, home directory, username/uid/gid/shell, OS details, the output of whoami and id, and the current working directory, then POSTs the JSON payload to a hardcoded collector URL https://webhook.site/4f54203c-996c-4f52-b136-ef9b1fd0f64d/detox56 (index.js:7, index.js:108). The package has no functional code — empty author, empty description, and a bizarre version string 99.21.1-1.21.199 consistent with a throwaway dependency-confusion / recon probe. Installing this package leaks installer identity and host fingerprint to an attacker-controlled collector, enabling targeted follow-on attacks against the developer or build environment.

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.
Credits

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          },
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "index.js",
              "sha256": "c56083dad3b306e1f094b5514f052668bd8e3d923cf50191c4cfb4f6015436d3",
              "tlsh": "0d5152c516fa5a241b67b8494a4f9402a327e0033505ee59bfdc8740af9937c97f0bf6"
            },
            {
              "path": "package.json",
              "sha256": "529efd6afea2f828125e65ca6b26926f790c56752040c616e30eefe4ea811b39",
              "tlsh": "cad0a7305e2155332ad502a60c2b989772a18f2f14053c08a7db582c81df677acff34d"
            }
          ],
          "package_integrity": [
            {
              "filename": "metavu-99.21.1-1.21.127.tgz",
              "hashes": {
                "sha1": "78a198d67f9437268fa381e6961f01992dd89439",
                "sha512_sri": "sha512-Rnx75fDJ6Pl074JL/vovqi/6iw52kn58of4IN0MdQwuJm84An4HKU43AfIFnnBaIkym7w45A0OrhWb94qhD+Sg=="
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "npm",
        "name": "metavu"
      },
      "versions": [
        "99.21.1-1.21.127",
        "99.21.1-1.21.199"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "inspector-research@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-006982",
        "import_time": "2026-06-18T17:08:46.028579343Z",
        "modified_time": "2026-06-18T15:56:41Z",
        "sha256": "b831ebbecee413d046d8e4ed8d9b21c3d2a6e4b71350c714535eeefaeccb1a6a",
        "source": "amazon-inspector",
        "versions": [
          "99.21.1-1.21.127"
        ]
      },
      {
        "id": "IN-MAL-2026-006977",
        "import_time": "2026-06-18T17:08:45.686378256Z",
        "modified_time": "2026-06-18T15:56:00Z",
        "sha256": "fc05e6833390f96b1a53f5d1612e613436e5002673da2f7a8c1e8e9f9f41c525",
        "source": "amazon-inspector",
        "versions": [
          "99.21.1-1.21.199"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (fc05e6833390f96b1a53f5d1612e613436e5002673da2f7a8c1e8e9f9f41c525)\npackage.json declares `preinstall: node index.js`, which fires automatically on `npm install`. index.js collects hostname, platform, architecture, home directory, username/uid/gid/shell, OS details, the output of `whoami` and `id`, and the current working directory, then POSTs the JSON payload to a hardcoded collector URL `https://webhook.site/4f54203c-996c-4f52-b136-ef9b1fd0f64d/detox56` (index.js:7, index.js:108). The package has no functional code \u2014 empty author, empty description, and a bizarre version string `99.21.1-1.21.199` consistent with a throwaway dependency-confusion / recon probe. Installing this package leaks installer identity and host fingerprint to an attacker-controlled collector, enabling targeted follow-on attacks against the developer or build environment.\n",
  "id": "MAL-2026-6132",
  "modified": "2026-06-18T17:10:56Z",
  "published": "2026-06-18T15:56:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/metavu/v/99.21.1-1.21.127"
    },
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/metavu/v/99.21.1-1.21.199"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in metavu (npm)"
}

