Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

box-react-uixnpm

Malicious code in box-react-uix (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10227
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall box-react-uix

What this malware does

The box-react-uix package was published to the npm registry by user 'click2ai' (maintainer email [email protected]) as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization (a 'box' internal namespace) so that a misconfigured resolver installs this public lookalike instead of the intended private dependency.

The package declares a preinstall hook ("npm install @sentry/node && node examples/verify.js") that executes automatically at npm install time, before any application code runs. The bundled examples/verify.js initializes the @sentry/node client against a hardcoded, attacker-controlled Sentry DSN with sendDefaultPii enabled, resolves the installing host's public egress IP address by requesting Cloudflare's /cdn-cgi/trace endpoint (using a spoofed desktop-browser User-Agent to bypass bot challenges), then deliberately triggers a runtime exception and captures it. Flushing the event beacons the collected host telemetry (public IP plus Sentry default PII such as hostname, OS username and runtime/environment metadata) to the attacker's Sentry ingest endpoint at o4510485815754752.ingest.us.sentry.io.

Each impersonated namespace in the campaign beacons to a distinct Sentry project ID, letting the operator attribute successful installs to specific victim organizations — behaviour consistent with a dependency-confusion reconnaissance beacon rather than legitimate error monitoring. The install-time payload is byte-for-byte identical across all packages published by this account, differing only in the package name and the target DSN. This package's beacon targets Sentry project 4511675212038149.

package.json declares a preinstall script ("npm install @sentry/node && node examples/verify.js") that fires automatically on npm install. examples/verify.js invokes the library's init() without providing a DSN, which causes src/index.js to fall back to a hardcoded DEFAULT_DSN pointing at an author-owned Sentry project (o4510485815754752.ingest.us.sentry.io/4511675212038149). The wrapper enables Sentry's sendDefaultPii: true, resolves the installer's public IP via Cloudflare's trace endpoint, attaches it as the Sentry user identity, and triggers a synthetic exception that is captured and transmitted to the author's Sentry ingest — so simply running npm install box-react-uix ships the installer's public IP and host/error context to a hardcoded author-controlled endpoint with no opt-in. Separately, the library's runtime init() defaults any consumer who forgets to pass a dsn to the same author-owned Sentry destination, silently relaying caller-side exceptions and PII to the author. The package name suggests a Box (box.com) React UI toolkit, but the tarball contains no UI code — only this Sentry phone-home wrapper — consistent with a lure/name-mismatch pattern.

Malicious versions

1 flagged
18.6.91

Indicators of compromise (SHA-256)

861d3b0850fd047d978191773d5ba2e070a1fa598074b63774561e6fa30c0aa4

Detection & response playbook

Backdoor / remote access
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for box-react-uix (version 18.6.91). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging box-react-uix across your stack and pipelines.

  2. If you installed it — respond

    box-react-uix establishes remote access, so treat any host that installed it as fully compromised. Isolate the machine, remove the package, rotate all credentials it could reach, and rebuild from a trusted image rather than cleaning in place — a backdoor may have planted additional persistence.

  3. Did it already run?

    If box-react-uix was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks box-react-uix before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. box-react-uix on npm has been identified as a malicious package (version 18.6.91 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-009870

References

Credits

  • Amazon Inspector · finder
  • SafeDep · finder

Detect & block this

O3 blocks box-react-uix-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the C2 callback and severs the channel.