Malicious versions 1.1.11, 1.1.12, and 1.1.13 of the pgserve npm package were published on April 21, 2026, injecting a 1,143-line credential-harvesting script that runs automatically via the postinstall hook. The malware harvests environment variables, SSH keys, cloud credentials (AWS, Azure, GCP), crypto wallets, and Chrome browser passwords. Stolen data is encrypted with RSA-4096 + AES-256 and exfiltrated to an Internet Computer Protocol (ICP) blockchain canister — chosen because it cannot be taken down by law enforcement or domain seizure. The malware also functions as a supply-chain worm: if it finds an npm publish token, it re-injects itself into every package that token can publish, and can spread to PyPI packages via .pth file injection. Detection was achieved by StepSecurity's AI Package Analyst and Harden-Runner, which confirmed live exfiltration and blocked both exfil domains. The last safe version is 1.1.10.
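As an added example (not code from the StepSecurity post or the pgserve project), the following Node script flags the three compromised versions in an npm lockfile and checks a package manifest for a postinstall hook that invokes the dropper file named in the post; the lockfile and manifest shown are constructed samples, and the assumption that the hook calls `scripts/check-env.js` by that name is ours.

```javascript
// Added example: scan an npm lockfile for the malicious pgserve releases and
// flag a package.json whose postinstall hook runs the credential-harvesting script.
const AFFECTED = new Set(['1.1.11', '1.1.12', '1.1.13']); // versions named in the post; last safe is 1.1.10

// Walk a package-lock.json (v2/v3 "packages" map, or the nested v1 "dependencies"
// tree) and return every pgserve entry whose version is one of the malicious ones.
function findCompromisedPgserve(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/pgserve') && AFFECTED.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: dependencies nest under each package
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'pgserve' && AFFECTED.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Flag a manifest whose postinstall hook references the dropper file
// (assumption: the hook invokes scripts/check-env.js by that name).
function hasDropperHook(pkg) {
  const hook = (pkg.scripts && pkg.scripts.postinstall) || '';
  return /check-env\.js/.test(hook);
}

// Constructed sample data (not taken from any real project): one bad install
// at the top level and one clean, nested install of the last safe version.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/pgserve': { version: '1.1.12' },
    'node_modules/foo/node_modules/pgserve': { version: '1.1.10' },
  },
};
const SAMPLE_PKG = {
  name: 'pgserve',
  version: '1.1.12',
  scripts: { postinstall: 'node scripts/check-env.js' },
};

console.log(findCompromisedPgserve(SAMPLE_LOCK)); // [{ path: 'node_modules/pgserve', version: '1.1.12' }]
console.log(hasDropperHook(SAMPLE_PKG)); // true
```

Run it against a real lockfile by replacing the constructed objects with `JSON.parse(fs.readFileSync('package-lock.json'))` and the installed package's `package.json`.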

7 min read. From stepsecurity.io.
Table of contents of the original post:

- What Changed in the Compromised Versions
- The Malware: scripts/check-env.js
- Detection: AI Package Analyst
- Runtime Validation with StepSecurity Harden-Runner
- Indicators of Compromise
