malware npm

@withgoogle/stitch-sdk

discovered 2026-06-19

Scope-squatting attack impersonating Google's legitimate @google/stitch-sdk package for the Google Stitch AI design tool. The attacker registered the @withgoogle npm scope (scopes are first-come-first-served; Google publishes under @google, not @withgoogle). Dual execution paths: a preinstall hook and the CLI binary both harvest developer credentials from 8 sources (Claude Code auth, git config, .gitconfig, .git-credentials, SSH public keys, GitHub CLI, npm config/.npmrc, Docker config). Exfiltrates via HTTPS GET to stitch-production.org with TLS certificate validation disabled. No code obfuscation. Claude Code credentials are targeted first. v0.1.2 adds a fallback beacon for installs that yield zero credentials.

Threat types

credential_stealer data_exfiltration

Malicious versions

  • 0.1.1 · ba5b2a9a7fe59673…
  • 0.1.2 · 638b523ddd3382b6…

Indicators

Techniques