shop-minis-2.0.5.tgz

TAR.GZ

HOSTILE

Mal-ecule

Size 762 B download

First seen 23 days ago

Analyzed 23 days ago

Ecosystem javascript

Source npmjs.org

Objectives

exfiltration/dns Long subdomain encoding pattern

supply-chain/metadata-anomaly/manifest Package claims security research but runs install hooks

supply-chain/recon-exfil Tiny postinstall sidecar payload

discovery/system/fingerprint Collects operating system platform

execution/interpreter/script npm postinstall hook present

exfiltration/oob Oastify OOB service

supply-chain/hidden-payload Postinstall runs local node loader

supply-chain/install-hook/scripts Has postinstall script hook

supply-chain/metadata-anomaly/registry Registry metadata postinstall runs node script

supply-chain/trojanized/app Obfuscated dropper with exfiltration

communications/http/request Node.js https.get

os/sysinfo os.hostname() call

process/create/shell Executes shell commands synchronously

import require('https') import

package npm package missing license field

package/fields Package provides CLI binary

lang Node.js shebang line

lang/encoded JavaScript file basename

script Script 'postinstall' executes node interpreter

install-hook Package has 'postinstall' hook that runs during install

20 of 38 traits shown

SHA-256	4be8db89785114ce9919d6d822f8363725890fa6cc2fa567a5fd73ee72854016
Filename	shop-minis-2.0.5.tgz

Ecosystem	javascript
Domain	npmjs.org

First seen	26 May 2026 11:26 UTC
Last analyzed	26 May 2026 12:17 UTC

Not seeing what you expected? Let us know