mal-2026-3337
Vulnerability from ossf_malicious_packages
Wave 2 of a dependency confusion attack campaign (C2: oob.moika.tech) targeting internal npm scopes. The attacker (npm user t-in-one, email nath.dr4k3@gmail.com) published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign shares the same C2 endpoint (https://oob.moika.tech/report), second-stage payload host (https://oob.moika.tech/payload), and hardcoded secret (l95HdDaz3kQx1Zsg3WxH6HvKANf51RY1) as Wave 1 (npm users mr.4nd3r50n and pik-libs, published 2026-05-27).
On installation, the postinstall hook executes a three-layer obfuscated scripts/postinstall.js (obfuscator.io + custom base64 alphabet + integer-shuffle string table). The script checks a run-once guard at ~/.cache/._t-in-one_init/ and respects a T_IN_ONE_NO_TELEMETRY kill switch before proceeding. It then downloads an OS-specific second-stage JavaScript payload from https://oob.moika.tech/payload/{mac|win|linux}.js, writes it to a temporary file, and spawns it as a detached Node.js process that continues running after npm exits. The payload exfiltrates the full process.env (environment variables including secrets, tokens, and credentials), along with hostname, username, platform, architecture, and working directory, to https://oob.moika.tech/report.
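As an added defensive check (not code from the advisory or from any of the credited finders), the following Python script audits an npm package-lock.json for the pattern described above: a package under an internal scope that npm resolved from the public registry, an implausibly inflated major version, and an install script on such a package. The lockfile content, the @acme scope and the npm.internal.example.com registry host are constructed for the example; the @t-in-one entry mirrors the advisory's package name and version.

```python
import json

# Constructed sample package-lock.json (lockfileVersion 3 "packages" layout).
# The @t-in-one entry reflects the advisory (version 99.0.7, install script);
# @acme/internal-utils and the private registry host are hypothetical.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/@t-in-one/save_application_hid_to_storage": {
            "version": "99.0.7",
            "resolved": "https://registry.npmjs.org/@t-in-one/save_application_hid_to_storage/-/save_application_hid_to_storage-99.0.7.tgz",
            "hasInstallScript": True,
        },
        "node_modules/@acme/internal-utils": {
            "version": "2.4.1",
            "resolved": "https://npm.internal.example.com/@acme/internal-utils/-/internal-utils-2.4.1.tgz",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})

PUBLIC_REGISTRY = "https://registry.npmjs.org/"


def audit_lockfile(lock_text, internal_scopes, max_major=50):
    """Return (package, reason) findings for dependency-confusion indicators:
    an internal-scope package resolved from the public registry, an install
    script on such a package, or a major version at or above max_major
    (the 99.x inflation trick used to win npm's highest-version resolution)."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue  # the "" key is the root project itself
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules
        scope = name.split("/")[0] if name.startswith("@") else None
        if scope in internal_scopes and meta.get("resolved", "").startswith(PUBLIC_REGISTRY):
            findings.append((name, "internal scope resolved from public registry"))
            if meta.get("hasInstallScript"):
                findings.append((name, "runs an install script (postinstall hook)"))
        try:
            major = int(meta.get("version", "0").split(".")[0])
        except ValueError:
            major = 0
        if major >= max_major:
            findings.append((name, f"implausibly high major version {major}"))
    return findings
```

Pinning each internal scope to the private registry in .npmrc (for example `@t-in-one:registry=https://npm.internal.example.com/`, host assumed) stops the public package from being selected in the first place; the audit above catches lockfiles produced before such pinning was in place.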
-= Per source details. Do not edit below this line. =-
Source: amazon-inspector (089dfa75307d4ce13475988ce1c9ab73a9250a379ed986bdcf79589272715fc3)
The package @t-in-one/save_application_hid_to_storage was found to contain malicious code.
Source: ossf-package-analysis (e975d13838b79119209fb0823c23f1c32486e514dc9d505d5186d2713e822738)
The OpenSSF Package Analysis project identified '@t-in-one/save_application_hid_to_storage' @ 99.0.7 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@t-in-one/save_application_hid_to_storage"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"versions": [
"99.0.7"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
},
{
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
],
"name": "OpenSSF: Package Analysis",
"type": "FINDER"
},
{
"contact": [
"https://safedep.io"
],
"name": "SafeDep",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"import_time": "2026-05-04T23:49:24.547405002Z",
"modified_time": "2026-05-04T10:10:51Z",
"sha256": "e975d13838b79119209fb0823c23f1c32486e514dc9d505d5186d2713e822738",
"source": "ossf-package-analysis",
"versions": [
"99.0.7"
]
},
{
"import_time": "2026-05-12T07:28:47.129896651Z",
"modified_time": "2026-05-12T06:53:21Z",
"sha256": "089dfa75307d4ce13475988ce1c9ab73a9250a379ed986bdcf79589272715fc3",
"source": "amazon-inspector",
"versions": [
"99.0.7"
]
}
]
},
"details": "Wave 2 of a dependency confusion attack campaign (C2: `oob.moika.tech`) targeting internal npm scopes. The attacker (npm user **t-in-one**, email `nath.dr4k3@gmail.com`) published packages at inflated versions that resolve ahead of private registry versions via npm\u0027s default version resolution. The campaign shares the same C2 endpoint (`https://oob.moika.tech/report`), second-stage payload host (`https://oob.moika.tech/payload`), and hardcoded secret (`l95HdDaz3kQx1Zsg3WxH6HvKANf51RY1`) as Wave 1 (npm users **mr.4nd3r50n** and **pik-libs**, published 2026-05-27).\n\nOn installation, the `postinstall` hook executes a three-layer obfuscated `scripts/postinstall.js` (obfuscator.io + custom base64 alphabet + integer-shuffle string table). The script checks a run-once guard at `~/.cache/._t-in-one_init/` and respects a `T_IN_ONE_NO_TELEMETRY` kill switch before proceeding. It then downloads an OS-specific second-stage JavaScript payload from `https://oob.moika.tech/payload/{mac|win|linux}.js`, writes it to a temporary file, and spawns it as a detached Node.js process that continues running after npm exits. The payload exfiltrates the full `process.env` (environment variables including secrets, tokens, and credentials), along with hostname, username, platform, architecture, and working directory, to `https://oob.moika.tech/report`.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (089dfa75307d4ce13475988ce1c9ab73a9250a379ed986bdcf79589272715fc3)\nThe package @t-in-one/save_application_hid_to_storage was found to contain malicious code.\n\n## Source: ossf-package-analysis (e975d13838b79119209fb0823c23f1c32486e514dc9d505d5186d2713e822738)\nThe OpenSSF Package Analysis project identified \u0027@t-in-one/save_application_hid_to_storage\u0027 @ 99.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
"id": "MAL-2026-3337",
"modified": "2026-05-29T21:56:15Z",
"published": "2026-05-04T10:10:51Z",
"references": [
{
"type": "REPORT",
"url": "https://safedep.io/oob-moika-tech-dependency-confusion-campaign/"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in @t-in-one/save_application_hid_to_storage (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.