Which versions of @access-risk/browser-remedy-react are malicious?

The following npm versions of @access-risk/browser-remedy-react are flagged malicious: 99.0.0, 99.1.1. Treat any of these as compromised.

How do I remediate @access-risk/browser-remedy-react if I installed it?

Remove @access-risk/browser-remedy-react from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is @access-risk/browser-remedy-react part of a known attack campaign?

Yes — @access-risk/browser-remedy-react is associated with the IN-MAL-2026-005284, IN-MAL-2026-005285, IN-MAL-2026-005287, IN-MAL-2026-005286 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect @access-risk/browser-remedy-react in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking @access-risk/browser-remedy-react and packages like it before any post-install script runs.

Malicious package

@access-risk/browser-remedy-reactnpm

Malicious code in @access-risk/browser-remedy-react (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5520

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall @access-risk/browser-remedy-react

What this malware does

On npm install, postinstall.js executes automatically and collects host identity and environment details using os.hostname(), process.cwd(), and filesystem reads, base64-encodes the data via Buffer.from(...).toString('base64'), and exfiltrates it through both DNS lookups (require('dns')) and HTTPS requests (require('https')). The dual-channel base64 exfiltration shape (DNS tunneling plus HTTPS POST) combined with collection of system identifiers is the canonical install-time data-theft fingerprint and provides direct attacker benefit: any machine running npm install for this package leaks identifying information to an external destination automatically, before the user has reviewed any package code.

Malicious versions

2 flagged

99.0.099.1.1

Indicators of compromise (SHA-256)

0de4bc9f19feea718e091e9b0a480e9b939cdffa88109375020895c99efa489c

22983c18e4a01fe9480967291bc8310bcf231043926db46d1a744c79cf1f85a6

9556d538cc707208472ce3125a1a1355360126cf001957d2335ca5f4596a7e8a

a31321d1ff1c689bc766a4c0c6cbe3419e4e3d9f05be465a59ce8e20d2ccab2c

Frequently asked questions

No. @access-risk/browser-remedy-react on npm has been identified as a malicious package (versions 99.0.0, 99.1.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005284IN-MAL-2026-005285IN-MAL-2026-005287IN-MAL-2026-005286

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection