frontend-backoffice@99.9.99Malicious

Verified

Analysed at: 4/2/26, 4:56 AM

Source: https://registry.npmjs.org/frontend-backoffice/-/frontend-backoffice-99.9.99.tgz

SHA256: 10f34f764f97201f2135df403298d4b807e073737c896d04e7d99b7314bb73b6

Confidence: High

Summary

Note: This report is updated by a verification record

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation.

Verification Record

The package is marked as malware by OSV: MAL-2026-2525 with source: amazon-inspector

Details

Note: This report is updated by a verification record

The package exhibits multiple strong indicators of malicious behavior. The index.js file executes arbitrary commands and exfiltrates sensitive system information to a Telegram bot, as evidenced by the LLM analysis. Additionally, the package.json file contains a preinstall script that executes node index.js, enabling code execution upon installation, further solidifying the malicious nature of the package.

Summary

Note: This report is updated by a verification record

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation.

Verification Record

The package is marked as malware by OSV: MAL-2026-2525 with source: amazon-inspector

Details

Note: This report is updated by a verification record

frontend-backoffice@99.9.99Malicious

Verified

Analysed at: 4/2/26, 4:56 AM

Source: https://registry.npmjs.org/frontend-backoffice/-/frontend-backoffice-99.9.99.tgz

SHA256: 10f34f764f97201f2135df403298d4b807e073737c896d04e7d99b7314bb73b6

Confidence: High