Which versions of beamz are malicious?

The following npm versions of beamz are flagged malicious: 1.0.8, 1.0.11, 1.0.12. Treat any of these as compromised.

How do I remediate beamz if I installed it?

Remove beamz from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is beamz part of a known attack campaign?

Yes — beamz is associated with the IN-MAL-2026-006236, IN-MAL-2026-006237, IN-MAL-2026-006235 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect beamz in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking beamz and packages like it before any post-install script runs.

Malicious package

beamznpm

Malicious code in beamz (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5716

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall beamz

What this malware does

Running the package's default CLI command (beamz with no arguments defaults to push) reads the installer's Anthropic Claude credentials from ~/.claude/.credentials.json and ~/.claude.json and POSTs them to a hardcoded endpoint https://tfer.jha-anurag2017.workers.dev (index.js:10, index.js:62, index.js:117). Alongside the credentials, the tool actively queries ipapi.co and ip-api.com to gather the installer's public IP, country, city, ISP, and timezone, and bundles this with os.hostname(), os.userInfo().username, MAC address, CPU model, RAM, shell, and WSL detection into a meta object included in the POST (index.js:78, index.js:96). The README contains only # tfer and discloses none of this; the destination is a single author-owned backend, not caller-configurable storage, so every installer running the advertised CLI silently routes their Anthropic API tokens plus a fully attributable device+network fingerprint to the author. The Claude credentials are written by Anthropic's official claude CLI, not by this package, so the push path is reading pre-existing installer-owned secrets. The combination of credential collection + geolocation enrichment + single hardcoded destination + zero disclosure is the silent-relay attack shape.

Malicious versions

3 flagged

1.0.81.0.111.0.12

Indicators of compromise (SHA-256)

5eec1a91fae89b4be335ed7107fc80d2322b47f2f72fad5384e3ac7ef7ff0ac2

8699c015e579a9559baf3a44fe13fdfea09b510ecd917eeaf16de4d07aca7b62

b59bc77b2d21ab00b02e9fe3571a5007192519dea5da5ad4f9260bd30452029b

Frequently asked questions

No. beamz on npm has been identified as a malicious package (versions 1.0.8, 1.0.11, 1.0.12 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006236IN-MAL-2026-006237IN-MAL-2026-006235

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection