Malware detected: Exfiltrates .env file keys to Discord webhook. High confidence due to multiple indicators in package/lib/tools.js.
No verification record available.
The package pino-sdk-v2 version 9.9.0 is highly likely to be malware. The primary reason is the presence of code in package/lib/tools.js that is designed to extract sensitive information (private keys) from .env files and exfiltrate it to a Discord webhook. This behavior is identified by the LLM-based file evaluation service with medium confidence. Additionally, the YARA rule discord_bot is triggered in the same file, further supporting the malicious intent. The YARA rule matches on high entropy in image files are likely false positives, but the combination of credential leakage and Discord webhook usage provides strong evidence of malicious activity.