Which versions of bytecore are malicious?

The following npm versions of bytecore are flagged malicious: 5.3.1. Treat any of these as compromised.

How do I remediate bytecore if I installed it?

bytecore establishes remote access, so treat any host that installed it as fully compromised. Isolate the machine, remove the package, rotate all credentials it could reach, and rebuild from a trusted image rather than cleaning in place — a backdoor may have planted additional persistence.

I already installed bytecore — how do I know if it already compromised me?

If bytecore was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is bytecore part of a known attack campaign?

Yes — bytecore is associated with the IN-MAL-2026-003203 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find bytecore across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for bytecore (version 5.3.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging bytecore across your stack and pipelines.

Malicious package

bytecorenpm

Malicious code in bytecore (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4503

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall bytecore

What this malware does

The package masquerades as a pino-like logging middleware (README is copied from pino, exports a pino property, mimics pino's option shape) but the middleware factory in index.js spawns a detached node lib/caller.js child process when the exported function is invoked. lib/caller.js obfuscates a hardcoded C2 URL by shadowing the real process global with a local object whose env holds base64-encoded strings; decoding DEV_API_KEY yields https://jsonkeeper.com/b/BADC6. The script GETs that anonymous, mutable paste host with axios (retried 5 times) and passes the response body to new Function.constructor("require", s)(require), executing attacker-controlled JavaScript with full Node privileges and direct access to require. Any application that installs bytecore and mounts the middleware (app.use(require('bytecore')())) runs whatever code the paste currently serves. The combination of (a) mutable anonymous paste host as code source, (b) require-passing eval of fetched bytes, (c) base64 + process-shadowing obfuscation of the C2, and (d) impersonation of a popular logger to lure installers is an unambiguous remote-code-execution backdoor.

Malicious versions

1 flagged

5.3.1

Indicators of compromise (SHA-256)

1c1ddd2dea35052822d2dc89f0f46ceae20c772c257e0c97f0024483e9ff31c0

Detection & response playbook

Backdoor / remote access

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for bytecore (version 5.3.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging bytecore across your stack and pipelines.
If you installed it — respond
bytecore establishes remote access, so treat any host that installed it as fully compromised. Isolate the machine, remove the package, rotate all credentials it could reach, and rebuild from a trusted image rather than cleaning in place — a backdoor may have planted additional persistence.
Did it already run?
If bytecore was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks bytecore before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. bytecore on npm has been identified as a malicious package (version 5.3.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003203

References

npmjs.com

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks bytecore-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the C2 callback and severs the channel.

Malware detection Runtime egress monitoring