Package collects and exfiltrates sensitive system data to Oastify URLs. A high-entropy file and an extension mismatch add to the suspicion.
No verification record available.
The package exhibits multiple indicators of malicious behavior. Both the index.js and setup.py files contain code that collects sensitive system information (hostname, username, current directory, DNS servers, etc.) and transmits it to external servers using Oastify URLs (https://t939aacpj98mgkavtuj7xzvnwe25qwhk6.oastify.com and https://zjmfkgmvtfisqqk130td755t6kcb0go5.oastify.com). The LLM analysis confirms this data exfiltration. Additionally, the YARA rule very_high_entropy matched a file, and there is an extension mismatch in one of the files, further raising suspicion. The combination of these factors strongly suggests malicious intent.