Which versions of apple-app-store-server-library-poc are malicious?

The following npm versions of apple-app-store-server-library-poc are flagged malicious: 133.7.1, 134.0.2, 134.0.5, 134.0.15, 134.0.58, 135.0.5, 135.0.13, 135.0.16, 135.0.17. Treat any of these as compromised.

How do I remediate apple-app-store-server-library-poc if I installed it?

Remove apple-app-store-server-library-poc from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed apple-app-store-server-library-poc — how do I know if it already compromised me?

If apple-app-store-server-library-poc was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is apple-app-store-server-library-poc part of a known attack campaign?

Yes — apple-app-store-server-library-poc is associated with the GHSA-4r99-2267-v7p2 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find apple-app-store-server-library-poc across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for apple-app-store-server-library-poc (9 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging apple-app-store-server-library-poc across your stack and pipelines.

Malicious package

apple-app-store-server-library-pocnpm

Malicious code in apple-app-store-server-library-poc (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-3123

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall apple-app-store-server-library-poc

What this malware does

The package apple-app-store-server-library-poc was found to contain malicious code.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The OpenSSF Package Analysis project identified 'apple-app-store-server-library-poc' @ 135.0.17 (npm) as malicious.

It is considered malicious because:

The package executes one or more commands associated with malicious behavior.

Malicious versions

9 flagged

133.7.1134.0.2134.0.5134.0.15134.0.58135.0.5135.0.13135.0.16135.0.17

Indicators of compromise (SHA-256)

e06ae264d59ade34592f37b13329cc02d0a0e815171ac5fc180caf582d711823

9c8b38f31e2f3897ab9d269fa69f36639f74d7f87526248cbf490925c25885b1

d518ca9008c9e176a3eff511eb039522c686032ecbcb65a4f46beaf332a9bf87

d5460313c18f1ef79ea16dbae33146a3d9d1022546f8ece634ebf27a22345d8e

e8d3618a43f8c8e888ca1b451f48e4852ef5bb72bdd55ee1763f3f6a9147b665

343c1babb60c55c595b8534000e83daadebf99c43daf23b10ea2a55bae71bf42

4a4cc555a05d80e4f42716e173cde156f94f503dba130bca9c285be448a7aae5

747103d5191d0c70332603bc1c63a843e7070833557146ac3c1146dea2d3e077

94a79401ac663dbe15b6ece1143b1eb6a8a04922a8a961d189c8c98e55e90198

9492c4edc5c26dcb1ab2b1d746d8f7e798f1fc07634cce69400e69f16793e561

7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for apple-app-store-server-library-poc (9 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging apple-app-store-server-library-poc across your stack and pipelines.
If you installed it — respond
Remove apple-app-store-server-library-poc from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If apple-app-store-server-library-poc was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks apple-app-store-server-library-poc before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. apple-app-store-server-library-poc on npm has been identified as a malicious package (versions 133.7.1, 134.0.2, 134.0.5, 134.0.15, 134.0.58, 135.0.5, 135.0.13, 135.0.16, and 1 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

GHSA-4r99-2267-v7p2

References

github.com

Credits

Amazon Inspector · finder
OpenSSF: Package Analysis · finder

Detect & block this

O3 blocks apple-app-store-server-library-poc-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring