Note: This report is updated by a verification record
Multiple suspicious indicators: embedded executable with fake headers, preinstall script, and bash startup file access. Likely malicious.
Confirmed malicious package as part of a coordinated supply chain attack targeting the npm ecosystem.
The package contains multiple suspicious indicators. It includes an embedded executable (package/bin/postman), which matched the YARA rule fake_section_headers_conflicting_entry_point_address, indicating potential obfuscation or malicious intent. Additionally, package.json contains a preinstall script, a common technique used by malware to execute malicious code upon installation. The files setup_bun.js and bun_environment.js access multiple bash startup files, indicating potential persistence mechanisms. Together, these pieces of evidence suggest that the package is likely malicious.