Note: This report is updated by a verification record
Sibling of flow-lending@9.9.9 campaign (C2 path /surflending/). Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets (mnemonic/key/token/blockfrost) to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252.
The package is marked as malware by OSV: MAL-2026-5808 with source: amazon-inspector
Note: This report is updated by a verification record
