clob.api (npm)
Malicious code in clob.api (npm)
Remove it immediately and rotate any exposed credentials.
What this malware does
A campaign of npm packages sharing a common dropper (clob.js) that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways (Pinata, Cloudflare, ipfs.io), drops it to %LOCALAPPDATA%, registers Windows Registry persistence under HKCU\Software\Microsoft\Windows\CurrentVersion\Run using a hidden VBScript wrapper (window style 0, no taskbar entry), launches the payload immediately, and reports the victim's public IP address to a hardcoded C2 server via HTTP POST. macOS and Linux stubs are present but not yet configured. Developer artifacts bundled in config/meta_data.json leak the attacker's build path: E:\getting IP and check list\clob-downloader\.
clob.api bundles clob2.0.exe (≈4 MB) directly in the package tarball and also attempts to fetch an identical copy from IPFS at install time. Its postinstall script runs clob.js, which drops the executable to %LOCALAPPDATA%\clob2.0.exe. The C2 beacon transmits the victim's public IP to http://45.8.22.112:2026/api/urls.
On install, package.json's postinstall hook runs node clob.js, which (1) downloads clob2.0.exe (Windows) or clob (macOS/Linux) from IPFS gateways including violet-tricky-quelea-562.mypinata.cloud, cloudflare-ipfs.com, ipfs.io, and gateway.pinata.cloud, falling back to a 4 MB clob2.0.exe PE binary bundled directly in the tarball; (2) writes the binary to %LOCALAPPDATA% / ~/.local/bin and launches it hidden via a generated VBS launcher invoked through wscript.exe //nologo with windowsHide:true; (3) installs autorun across all three operating systems — HKCU\Software\Microsoft\Windows\CurrentVersion\Run on Windows, ~/Library/LaunchAgents/com.clob.agent.plist with launchctl load on macOS, and ~/.config/autostart/clob.desktop on Linux; and (4) resolves the installer's public IP via api.ipify.org and POSTs it to a hardcoded bare-IP C2 endpoint at http://45.8.22.112:2026/api/urls?url=<public_ip>. The README is verbatim copied from @img/sharp-win32-x64 to impersonate the legitimate Sharp prebuilt, while package.json's own description ("Downloads clob2.0.exe on install") contradicts the README — this is deliberate camouflage. The bundled PE is undocumented and serves no advertised purpose.
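A host-side check for the artifacts listed above, added here as an example (not code from the advisory or from O3): it parses the text output of `reg query` for the HKCU Run key, flags values that launch a .vbs from the user profile through wscript.exe, and checks a file listing for clob2.0.exe in %LOCALAPPDATA% and for the macOS and Linux autostart entries. The registry output and the file list are constructed; the Run value name "clob" and the launcher file name clob_launcher.vbs are assumptions, since the advisory does not name them.

```python
import re
from typing import Dict, List

# Constructed sample: output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# on a hypothetical workstation. The value name "clob" and the file name clob_launcher.vbs
# are assumptions; the advisory only says a generated VBS launcher is run via wscript.exe //nologo.
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\dev\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    clob    REG_SZ    wscript.exe //nologo "C:\Users\dev\AppData\Local\clob_launcher.vbs"
"""

# Constructed sample: files found under the user's profile.
SAMPLE_FILES = [
    r"C:\Users\dev\AppData\Local\clob2.0.exe",
    r"C:\Users\dev\AppData\Local\clob_launcher.vbs",
    r"C:\Users\dev\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
]

# Artifact names taken from the advisory text.
PAYLOAD_NAMES = {"clob2.0.exe", "clob"}
AUTOSTART_FILES = {
    "library/launchagents/com.clob.agent.plist",  # macOS LaunchAgent
    ".config/autostart/clob.desktop",              # Linux XDG autostart
}

RUN_VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")


def parse_run_key(reg_output: str) -> Dict[str, str]:
    """Turn `reg query` text into {value_name: command} (REG_SZ / REG_EXPAND_SZ only)."""
    values = {}
    for line in reg_output.splitlines():
        m = RUN_VALUE_RE.match(line)
        if m and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            values[m.group("name")] = m.group("data").strip()
    return values


def suspicious_run_values(values: Dict[str, str]) -> List[str]:
    """Flag Run entries that match the dropper: wscript.exe starting a .vbs from the
    user's profile, or any entry that names the dropped payload directly."""
    hits = []
    for name, cmd in values.items():
        low = cmd.lower()
        if "wscript" in low and ".vbs" in low and ("appdata\\local" in low or "%localappdata%" in low):
            hits.append(f"Run\\{name}: hidden VBS launcher -> {cmd}")
        elif "clob2.0.exe" in low:
            hits.append(f"Run\\{name}: references payload -> {cmd}")
    return hits


def payload_files(paths: List[str]) -> List[str]:
    """Flag the dropped binary in its documented drop locations and the autostart entries."""
    hits = []
    for p in paths:
        norm = p.replace("\\", "/").lower()
        base = norm.rsplit("/", 1)[-1]
        if base in PAYLOAD_NAMES and ("/appdata/local/" in norm or "/.local/bin/" in norm):
            hits.append(f"dropped payload: {p}")
        elif any(norm.endswith(a) for a in AUTOSTART_FILES):
            hits.append(f"autostart entry: {p}")
    return hits


def triage(reg_output: str, paths: List[str]) -> List[str]:
    return suspicious_run_values(parse_run_key(reg_output)) + payload_files(paths)


if __name__ == "__main__":
    for finding in triage(SAMPLE_RUN_KEY, SAMPLE_FILES):
        print(finding)
```

On a real host, feed `triage` the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and a recursive listing of the profile directory; any hit is a reason to isolate the machine, not to clean it in place.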
Malicious versions
Indicators of compromise (SHA-256)
Detection & response playbook
Backdoor / remote access
Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for clob.api (version 2.73.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging clob.api across your stack and pipelines.
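A lockfile scanner for the JavaScript formats named above, added here as an example and not the advisory's or O3's scanner: it reports every pinned occurrence of clob.api in package-lock.json (both the v1 nested tree and the v2/v3 flat "packages" map), yarn.lock and pnpm-lock.yaml, and then filters to the version the advisory names. The lockfile fragments are constructed, and the pnpm entry formats for older lockfile versions are handled from the format's known layouts rather than from anything on this page.

```python
import json
import re
from typing import Dict, List, Tuple

TARGET = "clob.api"         # package named in the advisory
BAD_VERSIONS = {"2.73.0"}   # malicious version named in the advisory

# Constructed lockfile fragments for demonstration; not taken from any real project.
SAMPLE_PACKAGE_LOCK_V3 = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"clob.api": "^2.73.0", "sharp": "^0.33.0"}},
        "node_modules/clob.api": {"version": "2.73.0"},
        "node_modules/sharp": {"version": "0.33.2"},
    },
})
SAMPLE_PACKAGE_LOCK_V1 = json.dumps({
    "name": "demo", "lockfileVersion": 1,
    "dependencies": {
        "some-tool": {"version": "1.0.0",
                      "dependencies": {"clob.api": {"version": "2.73.0"}}},
    },
})
SAMPLE_YARN_LOCK = '''# yarn lockfile v1

"clob.api@^2.73.0":
  version "2.73.0"
  resolved "https://registry.yarnpkg.com/clob.api/-/clob.api-2.73.0.tgz"

sharp@^0.33.0:
  version "0.33.2"
'''
SAMPLE_PNPM_LOCK = '''lockfileVersion: '9.0'
packages:
  clob.api@2.73.0:
    resolution: {integrity: sha512-PLACEHOLDER}
  sharp@0.33.2:
    resolution: {integrity: sha512-PLACEHOLDER}
'''

Finding = Tuple[str, str, str]   # (lockfile, package, version)


def scan_package_lock(text: str) -> List[Finding]:
    data, found = json.loads(text), []
    # lockfileVersion 2/3: flat "packages" map keyed by install path
    for path, meta in data.get("packages", {}).items():
        if path.rsplit("node_modules/", 1)[-1] == TARGET:
            found.append(("package-lock.json", TARGET, meta.get("version", "?")))
    # lockfileVersion 1: nested "dependencies" tree, walked at every level
    def walk(deps: Dict) -> None:
        for name, meta in deps.items():
            if name == TARGET:
                found.append(("package-lock.json", TARGET, meta.get("version", "?")))
            walk(meta.get("dependencies", {}))
    walk(data.get("dependencies", {}))
    return found


YARN_VERSION_RE = re.compile(r'^\s+version\s+"?([^"\s]+)"?')

def scan_yarn_lock(text: str) -> List[Finding]:
    found, names = [], set()
    for line in text.splitlines():
        if line and not line[0].isspace() and not line.startswith("#") and line.rstrip().endswith(":"):
            names = set()   # entry header, e.g. "clob.api@^2.73.0", "clob.api@^2.70.0":
            for spec in line.rstrip().rstrip(":").split(","):
                spec = spec.strip().strip('"')
                names.add(spec.rsplit("@", 1)[0] if "@" in spec[1:] else spec)
        elif TARGET in names:
            m = YARN_VERSION_RE.match(line)
            if m:
                found.append(("yarn.lock", TARGET, m.group(1)))
                names = set()
    return found


# pnpm entries: "clob.api@2.73.0:" (v9), "/clob.api@2.73.0:" (v6), "/clob.api/2.73.0:" (v5)
PNPM_PKG_RE = re.compile(r"^  '?/?(?P<name>@?[^@'\s/]+(?:/[^@'\s/]+)?)[@/](?P<ver>\d[^'(:\s]*)'?:")

def scan_pnpm_lock(text: str) -> List[Finding]:
    return [("pnpm-lock.yaml", TARGET, m.group("ver"))
            for m in map(PNPM_PKG_RE.match, text.splitlines())
            if m and m.group("name") == TARGET]


SCANNERS = {"package-lock.json": scan_package_lock, "yarn.lock": scan_yarn_lock,
            "pnpm-lock.yaml": scan_pnpm_lock}

def scan_all(lockfiles: Dict[str, str]) -> List[Finding]:
    """lockfiles maps a lockfile path to its contents; every occurrence is reported."""
    found = []
    for name, text in lockfiles.items():
        found += SCANNERS[name.rsplit("/", 1)[-1]](text)
    return found

def known_bad(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f[2] in BAD_VERSIONS]


if __name__ == "__main__":
    hits = scan_all({"a/package-lock.json": SAMPLE_PACKAGE_LOCK_V3,
                     "b/package-lock.json": SAMPLE_PACKAGE_LOCK_V1,
                     "c/yarn.lock": SAMPLE_YARN_LOCK, "d/pnpm-lock.yaml": SAMPLE_PNPM_LOCK})
    for lockfile, pkg, ver in known_bad(hits):
        print(f"MALICIOUS {pkg}@{ver} pinned in {lockfile}")
```

Report every occurrence, not only the known-bad version: a lockfile that pins any version of a package with no legitimate purpose in your tree deserves review, and the advisory's "Malicious versions" list may grow.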
If you installed it — respond
clob.api establishes remote access, so treat any host that installed it as fully compromised. Isolate the machine, remove the package, rotate all credentials it could reach, and rebuild from a trusted image rather than cleaning in place — a backdoor may have planted additional persistence.
Did it already run?
If clob.api was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
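The network side of the same compromise, as an added example (not O3's detection logic): a triage pass over constructed proxy log lines that flags the beacon to 45.8.22.112:2026/api/urls, the fetch of the IPFS CID from any of the gateways named above, and, more generally, a public-IP lookup against api.ipify.org followed within a minute by a POST to a bare-IP host from the same source, which would still fire if the C2 address moved. The log format, the internal source addresses, the reported public IP and the exact ipify request path are constructed.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Indicators taken from the advisory.
C2_HOST, C2_PORT, C2_PATH = "45.8.22.112", 2026, "/api/urls"
IPFS_CID = "bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa"
IPFS_GATEWAYS = {"violet-tricky-quelea-562.mypinata.cloud", "cloudflare-ipfs.com",
                 "ipfs.io", "gateway.pinata.cloud"}
IP_LOOKUP_HOST = "api.ipify.org"

# Constructed proxy log, one request per line: "<iso-time> <src-ip> <method> <url>".
# 10.1.2.3 / 10.1.2.4 are invented workstations; 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.1.2.3 GET https://registry.npmjs.org/clob.api/-/clob.api-2.73.0.tgz
2025-01-10T09:00:04Z 10.1.2.3 GET https://violet-tricky-quelea-562.mypinata.cloud/ipfs/bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa
2025-01-10T09:00:06Z 10.1.2.3 GET https://api.ipify.org/
2025-01-10T09:00:07Z 10.1.2.3 POST http://45.8.22.112:2026/api/urls?url=203.0.113.7
2025-01-10T09:05:00Z 10.1.2.4 GET https://api.ipify.org/
2025-01-10T09:30:00Z 10.1.2.4 GET https://registry.npmjs.org/sharp/-/sharp-0.33.2.tgz
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")
URL_RE = re.compile(r"^(?P<scheme>https?)://(?P<host>[^/:]+)(?::(?P<port>\d+))?"
                    r"(?P<path>/[^?]*)?(?:\?(?P<query>.*))?$")
BARE_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse(log: str) -> List[Dict]:
    """Parse the constructed log format into per-request dicts; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        u = URL_RE.match(m["url"]) if m else None
        if not u:
            continue
        port = int(u["port"]) if u["port"] else (443 if u["scheme"] == "https" else 80)
        events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                       "src": m["src"], "method": m["method"], "host": u["host"],
                       "port": port, "path": u["path"] or "/", "query": u["query"] or ""})
    return events


def detect(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (source, rule, detail) for the C2 beacon, the IPFS payload fetch, and the
    generic 'ask ipify for my IP, then POST to a bare-IP host' sequence."""
    findings = []
    last_ip_lookup: Dict[str, datetime] = {}
    for e in events:
        if e["host"] == C2_HOST and e["port"] == C2_PORT and e["path"].startswith(C2_PATH):
            findings.append((e["src"], "c2-beacon",
                             f"{e['method']} {e['host']}:{e['port']}{e['path']}?{e['query']}"))
        if e["host"] in IPFS_GATEWAYS and IPFS_CID in e["path"]:
            findings.append((e["src"], "ipfs-payload-fetch", e["host"]))
        if e["host"] == IP_LOOKUP_HOST:
            last_ip_lookup[e["src"]] = e["ts"]
        elif (e["method"] == "POST" and BARE_IP_RE.match(e["host"])
              and e["src"] in last_ip_lookup
              and e["ts"] - last_ip_lookup[e["src"]] <= timedelta(seconds=60)):
            findings.append((e["src"], "ip-lookup-then-post-to-bare-ip", f"{e['host']}:{e['port']}"))
    return findings


if __name__ == "__main__":
    for src, rule, detail in detect(parse(SAMPLE_LOG)):
        print(f"{src}  {rule:32s}  {detail}")
```

The third rule is the one worth keeping after this campaign is over: the exact IP and CID will change, but "resolve own public IP, then POST it to a numeric host on an unusual port" is rare in legitimate developer traffic and cheap to alert on. The lone ipify lookup from 10.1.2.4 produces nothing, which is the intended behaviour.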
How O3 protects you
O3 blocks clob.api before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
Frequently asked questions
Campaign
References
Credits
- Amazon Inspector · finder
- SafeDep · finder
Detect & block this
O3 blocks clob.api-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the C2 callback and severs the channel.