Powered by SafeDepPowered by SafeDepPackage is malware. It exfiltrates sensitive info, executes arbitrary code during install, and matches multiple YARA rules.
No verification record available.
The package exhibits multiple strong indicators of malicious behavior. The index.js file contains code designed to exfiltrate sensitive information, including environment variables, shell secrets, AWS credentials, SSH data, and credentials from common configuration files. This data is collected using shell commands, base64 encoded, and sent to a remote server. The package.json file includes a preinstall script that executes node index.js, allowing the package to run arbitrary code during installation, a common malware technique. The combination of data exfiltration and arbitrary code execution during installation strongly suggests malicious intent. Several YARA rules also matched the index.js and package.json files, further supporting this conclusion.