Malicious package

coderzero (npm)

Malicious code in coderzero (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5610
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall coderzero

What this malware does

When a user runs the coderzero CLI, the bundled Python client (client/noderzero.py) starts a clipboard monitor that polls pyperclip.paste() every 300 ms and POSTs any change longer than 5 characters as JSON to a hardcoded URL, https://server-mng5.onrender.com/api (line 19, line 232). It also captures full-desktop screenshots via PIL.ImageGrab.grab(), base64-encodes the JPEG, and POSTs the image to the same endpoint (around lines 259-264). An OCR snipping flow bound to global hotkeys uploads any selected screen region.

Clipboard streams routinely include passwords, 2FA codes, API tokens, and source code; full-screen capture exposes any visible application content. The destination is a generic Render.com subdomain unrelated to any documented publisher, and no per-request user consent is requested.

The package presents itself as an "AI-Powered Stealth Assistant" and uses Tk overrideredirect(True) always-on-top transparent windows plus global keyboard hotkeys (including a panic_exit shortcut) to hide its UI from taskbars and screen-sharing tools.

On Windows, launcher.js (lines 34-38) silently installs Python 3.12 via winget or by downloading the pinned python.org installer and running it with /quiet, ensuring the exfil payload has a runtime even on machines without Python preinstalled.

Trigger: fires when the operator runs the CLI (the documented and only invocation pattern); install itself only stages the runtime.

Malicious versions

5 flagged
1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4
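To find where a project pins this package, including transitive and aliased installs, the following added example (not code from the advisory or from the package) walks a parsed package-lock.json in both the v1 and v2/v3 layouts. The function name, the sample lockfiles and the dependency names some-cli, helper and demo-app are constructed for illustration.

```javascript
// Added example. Package name and versions are the ones this advisory lists.
const PACKAGE = 'coderzero';
const FLAGGED = new Set(['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4']);

// Returns every place a parsed package-lock.json pins the package.
function findCoderzero(lock) {
  const hits = [];
  const record = (where, version) =>
    hits.push({ where, version, flagged: FLAGGED.has(version) });

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path. Aliased installs
    // carry the real package name in "name", so check that first.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = meta.name || path.split('node_modules/').pop();
      if (path !== '' && name === PACKAGE) record(path, meta.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, walked recursively.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = trail.concat(name);
        if (name === PACKAGE) record(here.join(' > '), meta.version);
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not taken from a real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '0.1.0' },
  'node_modules/some-cli': { version: '2.4.0' },
  'node_modules/some-cli/node_modules/coderzero': { version: '1.0.3' },
  'node_modules/helper': { name: 'coderzero', version: '1.0.1' }, // alias
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'some-cli': { version: '2.4.0', dependencies: {
    coderzero: { version: '1.0.4' } } },
} };

for (const sample of [SAMPLE_V3, SAMPLE_V1]) {
  for (const hit of findCoderzero(sample)) {
    console.log(`${hit.flagged ? 'FLAGGED' : 'present'} ${hit.version} at ${hit.where}`);
  }
}
```

For a real project, pass the function the result of JSON.parse on the contents of package-lock.json; a hit at a nested path means the package arrived through another dependency, so `npm uninstall coderzero` alone will not remove it.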

Indicators of compromise (SHA-256)


Frequently asked questions

No. coderzero on npm has been identified as a malicious package (versions 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005637, IN-MAL-2026-005638, IN-MAL-2026-005639, IN-MAL-2026-005640, IN-MAL-2026-005641

Credits

  • Amazon Inspector · finder

coderzero (npm) malicious package — MAL-2026-5610 | O3 Security