{
  "schema_version": "1.6.0",
  "id": "CLR-2026-2999",
  "modified": "2026-07-09T10:00:00Z",
  "published": "2026-07-09T10:00:00Z",
  "summary": "Dependency-confusion probe that steals cloud credentials + your whole environment on install",
  "details": "The npm package antsrcsrctest@1.0.0 ships a harmless-looking formatDate helper as cover. Its real payload is a preinstall hook that runs the moment you npm install — before any of your code. It fingerprints the host, runs shell recon (id, whoami, ps aux), queries the cloud instance-metadata service for RAM/IAM security credentials, dumps your entire process.env, and POSTs all of it to a hard-coded raw IP. The package name targets an internal antsrc* namespace — a classic dependency-confusion lure. Not in OSV, still live on npm at time of writing.",
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "antsrcsrctest"
      },
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://research.codelake.dev/advisories/clr-2026-2999-antsrcsrctest"
    }
  ],
  "credits": [
    {
      "name": "Sascha Klein, codelake Research",
      "type": "FINDER",
      "contact": [
        "https://research.codelake.dev"
      ]
    }
  ],
  "database_specific": {
    "caseId": "CLR-2026-2999",
    "kind": "malware",
    "class": "Cloud-credential / env stealer",
    "severity": "Critical",
    "status": "Confirmed malicious",
    "iocs": {
      "ips": [
        "100.100.100.200",
        "101.35.44.248"
      ],
      "hashes": [],
      "indicators": [
        "antsrcsrctest@1.0.0 (npm) — published 2026-07-09T03:46 UTC, still live at time of writing",
        "package.json: \"preinstall\": \"node preinstall.js\" — runs on install, before import",
        "index.js exports a benign formatDate() — cover for a \"date utility\" look",
        "Cloud IMDS: http://100.100.100.200/latest/meta-data/ · /latest/meta-data/ram/security-credentials/ (Alibaba Cloud RAM/IAM temp credentials)",
        "child_process.execSync: id, whoami, hostname, ps aux · container probes /.dockerenv, /proc/1/cgroup, /proc/self/mountinfo",
        "Dumps the entire process.env (all secrets/tokens/keys)",
        "HTTP POST → http://101.35.44.248/ (recon) and http://101.35.44.248/env (environment) — hard-coded raw IP"
      ]
    }
  }
}