Which versions of @coze-common/chat-area are malicious?

The following npm versions of @coze-common/chat-area are flagged malicious: 99.1.1. Treat any of these as compromised.

How do I remediate @coze-common/chat-area if I installed it?

Remove @coze-common/chat-area from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is @coze-common/chat-area part of a known attack campaign?

Yes — @coze-common/chat-area is associated with the IN-MAL-2026-005312, IN-MAL-2026-005313 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect @coze-common/chat-area in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking @coze-common/chat-area and packages like it before any post-install script runs.

Malicious package

@coze-common/chat-areanpm

Malicious code in @coze-common/chat-area (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5533

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall @coze-common/chat-area

What this malware does

This package is a dependency-confusion/namespace-squat against ByteDance's @coze-common scope. The library is hollow — index.js is module.exports = {} and the description ('Browser accessibility and security utilities for React') does not match the package name. The harm runs at install time: package.json declares postinstall: node postinstall.js, and postinstall.js collects os.hostname(), os.userInfo().username, process.cwd(), and a recursive directory listing of the install working directory, base64-encodes the JSON payload, and POSTs it to https://wybqtvzmfhssbvhokfgbvgaalpfg1vneq.oast.fun/ via https.request. A DNS covert channel (dns.lookup of a hex-encoded hostname+username subdomain under the same oast.fun host) is used as fallback to bypass HTTP egress filters. oast.fun is Interactsh out-of-band infrastructure used for reconnaissance against the installer's machine; the version 99.1.1 is the shadowing pattern used to win dependency-confusion resolution against the legitimate private @coze-common scope.

Malicious versions

1 flagged

99.1.1

Indicators of compromise (SHA-256)

89b49d08422192fa57b4739bf462f0e8b3c206b2c3cfad15578ac92dd6f47b04

cbfda63254e85169b3209df4260781e717ac5e9de9736408dfd4c3e9e258fd1e

Frequently asked questions

No. @coze-common/chat-area on npm has been identified as a malicious package (version 99.1.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005312IN-MAL-2026-005313

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection