MAL-2026-10028: Malicious code in @wagni_bot/metemask-sdk (npm)
The @wagni_bot/metemask-sdk npm package is a malicious typosquat of the legitimate metamask-sdk package. It contains no functional code but includes a postinstall script that executes automatically during npm install. This script recursively searches common directories and environment variables for sensitive credentials such as SSH private keys, crypto wallet seeds, and secret environment variables. The stolen data is then exfiltrated to an attacker-controlled Telegram channel. This threat targets developers who mistakenly install this similarly named package.
AI Analysis
Technical Summary
@wagni_bot/metemask-sdk is a malicious npm package designed as a single-character typosquat of the legitimate metamask-sdk. Its index.js is an empty stub, but it includes a postinstall hook that runs automatically on npm install. This hook recursively scans the current working directory, the user's home directory, and the ~/.ssh directory for files with names indicating sensitive credentials (.env, .pem, mnemonic, id_rsa, etc.). It also collects environment variables containing keywords like PRIVATE, SECRET, TOKEN, and PASSWORD. Host identifiers such as hostname and user info are gathered. All harvested data is sent in chunks via HTTP POST requests to a Telegram bot endpoint controlled by the attacker. The package affects specific versions explicitly listed and is not a cloud service. There is no CVSS score or known exploits in the wild documented.
Potential Impact
Successful installation of this package leads to theft of sensitive credentials including SSH private keys, crypto wallet seed phrases, dotenv secrets, and environment variables containing secrets. This can result in unauthorized access to developer systems, cloud accounts, and cryptocurrency wallets. The exfiltration to an attacker-controlled Telegram channel enables remote attackers to collect these credentials stealthily during the npm install process.
Mitigation Recommendations
No official patch or remediation is available since this is a malicious typosquat package rather than a vulnerability in legitimate software. The primary mitigation is to avoid installing this package and verify package names carefully before installation. Use trusted sources and package integrity verification methods such as npm audit, package signing, or lockfiles. Remove any instances of @wagni_bot/metemask-sdk from projects and systems if found. Monitor for suspicious postinstall scripts in dependencies.
MAL-2026-10028: Malicious code in @wagni_bot/metemask-sdk (npm)
Description
The @wagni_bot/metemask-sdk npm package is a malicious typosquat of the legitimate metamask-sdk package. It contains no functional code but includes a postinstall script that executes automatically during npm install. This script recursively searches common directories and environment variables for sensitive credentials such as SSH private keys, crypto wallet seeds, and secret environment variables. The stolen data is then exfiltrated to an attacker-controlled Telegram channel. This threat targets developers who mistakenly install this similarly named package.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
@wagni_bot/metemask-sdk is a malicious npm package designed as a single-character typosquat of the legitimate metamask-sdk. Its index.js is an empty stub, but it includes a postinstall hook that runs automatically on npm install. This hook recursively scans the current working directory, the user's home directory, and the ~/.ssh directory for files with names indicating sensitive credentials (.env, .pem, mnemonic, id_rsa, etc.). It also collects environment variables containing keywords like PRIVATE, SECRET, TOKEN, and PASSWORD. Host identifiers such as hostname and user info are gathered. All harvested data is sent in chunks via HTTP POST requests to a Telegram bot endpoint controlled by the attacker. The package affects specific versions explicitly listed and is not a cloud service. There is no CVSS score or known exploits in the wild documented.
Potential Impact
Successful installation of this package leads to theft of sensitive credentials including SSH private keys, crypto wallet seed phrases, dotenv secrets, and environment variables containing secrets. This can result in unauthorized access to developer systems, cloud accounts, and cryptocurrency wallets. The exfiltration to an attacker-controlled Telegram channel enables remote attackers to collect these credentials stealthily during the npm install process.
Mitigation Recommendations
No official patch or remediation is available since this is a malicious typosquat package rather than a vulnerability in legitimate software. The primary mitigation is to avoid installing this package and verify package names carefully before installation. Use trusted sources and package integrity verification methods such as npm audit, package signing, or lockfiles. Remove any instances of @wagni_bot/metemask-sdk from projects and systems if found. Monitor for suspicious postinstall scripts in dependencies.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10028
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a50baa368715ace43584e62
Added to database: 07/10/2026, 09:25:55 UTC
Last enriched: 07/10/2026, 10:13:25 UTC
Last updated: 07/10/2026, 18:54:48 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.