New Blog: Mastra npm Scope Takeover: 141 Packages Drop a RAT
Edit Calendar Icon 17 Jun 2026
SafeDep Logo
malware npm

@mastra/speech-ibm

discovered 2026-06-17

First-party @mastra package republished by the compromised ehindero account on 2026-06-17 with library code unchanged and a single injected dependency (easy-day-js ^1.11.21) that drops a cryptocurrency-stealing RAT. Published with dist.attestations=null (no OIDC/SLSA provenance).

Threat types

rat c2_agent crypto_drainer credential_stealer persistence

Malicious versions

  • 0.2.1

Campaigns

Read the full analysis →