Malicious package

getd-web-corporativa (npm)

Malicious code in getd-web-corporativa (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5472
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall getd-web-corporativa

What this malware does

On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform, current working directory, package name/version, CI/build indicators, and a timestamp via URL query parameters. Errors are swallowed so installation appears to succeed silently. The destination is a public webhook collector — any party holding the UUID path can read every submission, so this is unauthenticated host reconnaissance suitable for follow-on targeting. The package's name resembles the @getd/* scope but is published unscoped by jplopezy (defensive-squat) with no repository and a placeholder homepage; the README's 'defensive squat telemetry' framing does not change the fact that installer-side identity data is shipped off-host without consent on every install. The package has no other functionality.

Malicious versions

1 flagged
0.0.1
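
An added example, not part of the original advisory or of O3 Security's tooling: a Node.js check that walks a parsed package-lock.json (v1 nested `dependencies` or the v2/v3 `packages` map) for the flagged name and version, and lists every entry npm marked with `hasInstallScript`. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for the package in this advisory.
const FLAGGED = { name: "getd-web-corporativa", versions: ["0.0.1"] };

// Derive the package name from a v2/v3 install path such as "node_modules/a/node_modules/b".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

// Lockfile v2/v3: flat "packages" map keyed by install path; "" is the root project.
function* entriesV2(lock) {
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue;
    yield { name: meta.name || nameFromPath(path), version: meta.version, path,
            hasInstallScript: meta.hasInstallScript === true };
  }
}

// Lockfile v1: nested "dependencies"; it does not record install scripts.
function* entriesV1(deps, prefix = "") {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    yield { name, version: meta.version, path, hasInstallScript: false };
    yield* entriesV1(meta.dependencies, `${path}/`);
  }
}

function auditLock(lock) {
  const entries = lock.packages ? [...entriesV2(lock)] : [...entriesV1(lock.dependencies)];
  const named = entries.filter((e) => e.name === FLAGGED.name);
  return {
    flagged: named.filter((e) => FLAGGED.versions.includes(e.version)),
    otherVersions: named.filter((e) => !FLAGGED.versions.includes(e.version)),
    installScripts: entries.filter((e) => e.hasInstallScript).map((e) => e.path),
  };
}

// Constructed sample lockfile (hypothetical project and dependency names).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/getd-web-corporativa": { version: "0.0.1", hasInstallScript: true },
    "node_modules/example-lib": { version: "1.3.0" },
    "node_modules/example-lib/node_modules/example-native": { version: "2.0.0", hasInstallScript: true },
  },
};
console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

For a real project, pass the `JSON.parse` result of package-lock.json to `auditLock`; a non-empty `flagged` or `otherVersions` list means the package is in the dependency tree.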

Indicators of compromise (SHA-256)

6723001bb39dec6418cd295ccf96bfbde8f1c5ada178ce70882f1b4ba1d31ffe
6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033

Frequently asked questions

No. getd-web-corporativa on npm has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005198
IN-MAL-2026-005197

Credits

  • Amazon Inspector · finder

getd-web-corporativa (npm) malicious package — MAL-2026-5472 | O3 Security