Which versions of anthropic-shared-logger are malicious?

The following npm versions of anthropic-shared-logger are flagged malicious: 8.0.5. Treat any of these as compromised.

How do I remediate anthropic-shared-logger if I installed it?

anthropic-shared-logger is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed anthropic-shared-logger — how do I know if it already compromised me?

If anthropic-shared-logger was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is anthropic-shared-logger part of a known attack campaign?

Yes — anthropic-shared-logger is associated with the IN-MAL-2026-003657, IN-MAL-2026-003656 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find anthropic-shared-logger across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for anthropic-shared-logger (version 8.0.5). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging anthropic-shared-logger across your stack and pipelines.

Malicious package

anthropic-shared-loggernpm

Malicious code in anthropic-shared-logger (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4479

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall anthropic-shared-logger

What this malware does

This package impersonates Anthropic's internal namespace and self-describes as 'Full RCE PoC - Alex Birsan Style'. Its package.json declares a postinstall hook that, on every npm install, fetches the installer's public IP from api.ipify.org, runs id || ver && whoami && hostname via child_process.exec, and POSTs the hostname, current working directory, USERDOMAIN/COMPANY environment variables, IP address, and command output to a hardcoded Interactsh OOB endpoint at lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun over plain HTTP. The combination of namespace impersonation, automatic install-time shell execution, and host reconnaissance exfiltration to attacker-controlled out-of-band infrastructure is a canonical Birsan-style dependency confusion attack. Any build system that mis-resolves this name to the public registry leaks identity and host data to the attacker, enabling targeted follow-on compromise.

Malicious versions

1 flagged

8.0.5

Indicators of compromise (SHA-256)

754f7dc4855ecb1df012814bf5ec92a861958b7af0027d88d0a2cb918793cdce

e54ef50a83e2f379965286ed404d16ca3389a9ce5c8593718ef4e6f307cc6084

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for anthropic-shared-logger (version 8.0.5). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging anthropic-shared-logger across your stack and pipelines.
If you installed it — respond
anthropic-shared-logger is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If anthropic-shared-logger was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks anthropic-shared-logger before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. anthropic-shared-logger on npm has been identified as a malicious package (version 8.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003657IN-MAL-2026-003656

References

npmjs.com

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks anthropic-shared-logger-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring