Which versions of gpu-accelerator are malicious?

The following npm versions of gpu-accelerator are flagged malicious: 1.4.2, 1.4.4, 1.4.5, 1.4.6, 1.4.7. Treat any of these as compromised.

How do I remediate gpu-accelerator if I installed it?

Remove gpu-accelerator from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is gpu-accelerator part of a known attack campaign?

Yes — gpu-accelerator is associated with the IN-MAL-2026-006890, IN-MAL-2026-006886, IN-MAL-2026-006888, IN-MAL-2026-006887, IN-MAL-2026-006889 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect gpu-accelerator in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking gpu-accelerator and packages like it before any post-install script runs.

Malicious package

gpu-acceleratornpm

Malicious code in gpu-accelerator (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5980

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall gpu-accelerator

What this malware does

The package advertises itself as a PostCSS plugin for CSS hardware-acceleration hints, but its only legitimate behavior is a 3-line walkDecls that adds will-change: transform. When the plugin factory in lib/index.js is invoked (which happens automatically when a developer wires the plugin into their PostCSS pipeline), it reads assets/driver-shim.bin (a 55,928-byte comma-separated integer list), XOR-decodes every byte with 0xA5 to recover ~56 KB of JavaScript source, and executes that source via vm.Script(...).runInContext(...) with require, process, console, and Buffer exposed in the context — granting the decoded code full Node privileges including filesystem and network access. Decoding confirms the bytes are JavaScript source (recurring function and require tokens, quoted module names). Before decoding, lib/index.js:18-21 checks process.env.CI || process.env.CONTINUOUS_INTEGRATION and !process.stdout.isTTY and returns early in those cases — a deliberate sandbox-evasion gate that keeps the payload dormant on CI runners and automated scanners while firing on interactive developer workstations. The combination of (a) a cover-story package whose advertised purpose is unrelated to its actual code, (b) an XOR-obfuscated executable blob shipped as a.bin asset, (c) vm.Script execution of that blob with full Node capabilities, and (d) a CI/headless evasion gate is the canonical supply-chain attack fingerprint.

Malicious versions

5 flagged

1.4.21.4.41.4.51.4.61.4.7

Indicators of compromise (SHA-256)

66902224a57ea11ec1dfb7f05ba35202d6ab70c39d101d35b68dbe5e2b3e2f5f

86fe9c9369454bfb2bba18da9d8b21dee61004bd897a8cf62c0d1661bc5a2e2f

9c838fde05746cf2beec757a3c2b29e9736abdca2665e639a5ae5e5870ce269d

ab0d6b253674f5eef505fbffb76003d2071569fd9d8abdf8993197738bb27759

cdf785e83cbfda56c6dd7bf4bfe31861d94a60757517f009215101e85b7de0c4

Frequently asked questions

No. gpu-accelerator on npm has been identified as a malicious package (versions 1.4.2, 1.4.4, 1.4.5, 1.4.6, 1.4.7 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006890IN-MAL-2026-006886IN-MAL-2026-006888IN-MAL-2026-006887IN-MAL-2026-006889

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection