Note: This report is updated by a verification record
Malware detected: Exfiltrates sensitive data (hostname, platform, username, IP, env vars) to webhook.site via postinstall script.
The package is marked as malware by OSV: MAL-2025-6387 with source: reversing-labs
The package is malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server (webhook.site) via an HTTPS POST request. This constitutes data exfiltration and is a clear indicator of malicious behavior.