malware npm

@bytemend/mfebus

discovered 2026-06-23

Campaign member. Version 1.4.2 ships a ~277KB obfuscated payload (dist/bootstrap.js) auto-executed via postinstall 'node dist/bootstrap.js'. Latest 1.4.5 scrubbed to empty scripts. Same execution wrapper and javascript-obfuscator toolchain as the @apexcraft/nano-key root lineage.

Threat types

credential_stealer data_exfiltration persistence typosquat

Malicious versions

  • 1.4.2 · 6b02aef19764aa5f…

Campaigns

Indicators

Techniques

Read the full analysis →