MAL-2026-4739
Vulnerability from ossf_malicious_packages
Published: 2026-05-26 00:59
Modified: 2026-06-04 23:12
Summary
Malicious code in zkjson (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816)

package.json declares "preinstall": "./.github/scripts/precheck", pointing to a 976 KB Linux ELF executable (sha256 36abd242ddaa27f0160c539377a0e92cf781c1695137850acc87e3892b436d36) shipped inside the tarball at .github/scripts/precheck. The binary runs automatically with the installer's privileges on every npm install. The package self-describes as a pure-JS 'Zero Knowledge Provable JSON' library whose main exports only JS classes from cjs/index.js; there is no source, build script, documentation, or stated purpose justifying a native executable. Extracted strings indicate HTTP-client primitives (HTTP/1.1, POST, GET, Host:, https://) and OAuth-related tokens, consistent with a network-active payload. There is no version pinning, no hash verification, and no reproducible build path for the binary — the published bytes are the only artifact installers receive. Shipping an opaque networked ELF as a preinstall hook in a library that advertises no native component is the canonical install-time dropper shape and gives the publisher arbitrary code execution on every installer's machine.
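As an added example (not code from the advisory or from the zkjson project), a defender-side check for the pattern this source describes: an install-time lifecycle script whose command is an ELF executable shipped inside the tarball, in a package that declares no native build. The hook names and native-build signals are conventional npm fields; both sample packages below are constructed, and the fake ELF is a 4-byte header plus filler.

```javascript
// Added example (not the advisory's or the zkjson project's code): flag npm
// lifecycle hooks whose command is an ELF executable bundled in the tarball.
// `files` maps tarball paths (relative to the package root) to their bytes.
const ELF_MAGIC = Buffer.from([0x7f, 0x45, 0x4c, 0x46]); // "\x7fELF"
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Conventional signs that a package legitimately builds or ships native code.
const NATIVE_SIGNALS = ["gypfile", "node-gyp", "node-pre-gyp", "prebuild-install"];

function auditLifecycleScripts(files) {
  const pkg = JSON.parse(files["package.json"].toString("utf8"));
  const scripts = pkg.scripts || {};
  const manifest = JSON.stringify(pkg);
  const native = "binding.gyp" in files || NATIVE_SIGNALS.some((s) => manifest.includes(s));
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] !== "string") continue;
    // First token is the command; a leading "./" makes it a path inside the tarball.
    const cmd = scripts[hook].trim().split(/\s+/)[0].replace(/^\.\//, "");
    const body = files[cmd];
    if (!body || body.length < 4) continue; // command is not a file shipped in the package
    if (body.subarray(0, 4).equals(ELF_MAGIC)) {
      // A pure-JS package that declares no native build has no reason to run an ELF hook.
      findings.push({ hook, path: cmd, severity: native ? "review" : "high" });
    }
  }
  return findings;
}

// Constructed sample packages: the "ELF" is a fake header plus filler standing in
// for the 976 KB binary; manifest fields mirror the advisory's description.
const FAKE_ELF = Buffer.concat([ELF_MAGIC, Buffer.from("constructed filler")]);
const SUSPECT_PACKAGE = {
  "package.json": Buffer.from(JSON.stringify({
    name: "zkjson", version: "0.8.5", main: "cjs/index.js",
    scripts: { preinstall: "./.github/scripts/precheck" },
  })),
  "cjs/index.js": Buffer.from("module.exports = {};"),
  ".github/scripts/precheck": FAKE_ELF,
};
const NATIVE_ADDON_PACKAGE = {
  "package.json": Buffer.from(JSON.stringify({
    name: "example-addon", version: "0.0.0", gypfile: true,
    scripts: { install: "node-gyp rebuild" },
  })),
  "binding.gyp": Buffer.from("{}"),
};
console.log(auditLifecycleScripts(SUSPECT_PACKAGE)); // one "high" finding for preinstall
console.log(auditLifecycleScripts(NATIVE_ADDON_PACKAGE)); // []
```

Run against an unpacked tarball, the same function works on a map built from the extracted file tree; the check reads only the first four bytes of the hook target, so it never executes the binary.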

Source: google-open-source-security (146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae)

This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinstall hook. The payload is a Rust-built infostealer that targets developer environments, scanning for and harvesting credentials related to cloud providers, object storage, databases, source-control, package registries, and AI developer tools. It also targets cryptocurrency wallets, specifically injecting a malicious JavaScript hook into the Exodus desktop wallet to capture passwords and recovery phrases. Furthermore, the malware exhibits worm-like behavior by stealing GitHub and NPM credentials to push malicious updates to the victim's repositories and publish trojanized packages, and it uses an eBPF-based kernel rootkit to hide its processes and network connections on Linux systems.

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.
Credits
Amazon Inspector actran@amazon.com

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": ".github/scripts/precheck",
              "sha256": "36abd242ddaa27f0160c539377a0e92cf781c1695137850acc87e3892b436d36",
              "tlsh": "0c2533ab0025062b904d957a58963bd279c17c81afcc3662664dae742fb59c3cf63fc3"
            }
          ],
          "package_integrity": [
            {
              "filename": "zkjson-0.8.5.tgz",
              "hashes": {
                "sha1": "9eb45e87eaca9900daff4bb64dc0ca2cd2bd9ab4",
                "sha512_sri": "sha512-EHTv+P/2UWsYZ2z7NvlS9nJ9A0DTPYo/aWNDIGVIhKRKeFMXus83+Bg8b5Z1oyse2RlY402o/3HEJyjdOyJSMQ=="
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "npm",
        "name": "zkjson"
      },
      "versions": [
        "0.8.5"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "actran@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-004810",
        "import_time": "2026-05-26T05:53:19.583301181Z",
        "modified_time": "2026-05-26T00:59:30Z",
        "sha256": "758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816",
        "source": "amazon-inspector",
        "versions": [
          "0.8.5"
        ]
      },
      {
        "import_time": "2026-06-04T22:42:01.227855Z",
        "modified_time": "2026-06-04T22:28:51.769005667Z",
        "sha256": "146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae",
        "source": "google-open-source-security",
        "versions": [
          "0.8.5"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816)\npackage.json declares `\"preinstall\": \"./.github/scripts/precheck\"`, pointing to a 976 KB Linux ELF executable (sha256 36abd242ddaa27f0160c539377a0e92cf781c1695137850acc87e3892b436d36) shipped inside the tarball at `.github/scripts/precheck`. The binary runs automatically with the installer\u0027s privileges on every `npm install`. The package self-describes as a pure-JS \u0027Zero Knowledge Provable JSON\u0027 library whose `main` exports only JS classes from `cjs/index.js`; there is no source, build script, documentation, or stated purpose justifying a native executable. Extracted strings indicate HTTP-client primitives (`HTTP/1.1`, `POST`, `GET`, `Host:`, `https://`) and OAuth-related tokens, consistent with a network-active payload. There is no version pinning, no hash verification, and no reproducible build path for the binary \u2014 the published bytes are the only artifact installers receive. Shipping an opaque networked ELF as a preinstall hook in a library that advertises no native component is the canonical install-time dropper shape and gives the publisher arbitrary code execution on every installer\u0027s machine.\n\n## Source: google-open-source-security (146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae)\nThis package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinstall hook. The payload is a Rust-built infostealer that targets developer environments, scanning for and harvesting credentials related to cloud providers, object storage, databases, source-control, package registries, and AI developer tools. It also targets cryptocurrency wallets, specifically injecting a malicious JavaScript hook into the Exodus desktop wallet to capture passwords and recovery phrases. Furthermore, the malware exhibits worm-like behavior by stealing GitHub and NPM credentials to push malicious updates to the victim\u0027s repositories and publish trojanized packages, and it uses an eBPF-based kernel rootkit to hide its processes and network connections on Linux systems.\n",
  "id": "MAL-2026-4739",
  "modified": "2026-06-04T23:12:22Z",
  "published": "2026-05-26T00:59:30Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/zkjson/v/0.8.5"
    },
    {
      "type": "ARTICLE",
      "url": "http://www.ox.security/blog/ironworm-supply-chain-malware-hits-npm/"
    },
    {
      "type": "ARTICLE",
      "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in zkjson (npm)"
}