Which versions of intl-ads are malicious?

The following npm versions of intl-ads are flagged malicious: 99.0.0, 99.0.1, 99.0.2. Treat any of these as compromised.

How do I remediate intl-ads if I installed it?

intl-ads is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed intl-ads — how do I know if it already compromised me?

If intl-ads was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is intl-ads part of a known attack campaign?

Yes — intl-ads is associated with the IN-MAL-2026-004666, IN-MAL-2026-004664, IN-MAL-2026-004667, IN-MAL-2026-004674, IN-MAL-2026-004663, IN-MAL-2026-004675 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find intl-ads across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for intl-ads (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging intl-ads across your stack and pipelines.

Malicious package

intl-adsnpm

Malicious code in intl-ads (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4587

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall intl-ads

What this malware does

On npm install, the package's scripts.preinstall runs poc.js which collects hostname, username, full network configuration (ipconfig/ip a/resolv.conf), id/whoami /all, git remote, parent package.json, and CI configuration files (.gitlab-ci.yml,.github/workflows, Jenkinsfile, azure-pipelines.yml). It then iterates process.env and harvests any variable whose name contains AWS, AZURE, GITHUB, GITLAB, JENKINS, NPM, TOKEN, CI, BUILD, etc. — capturing values, not just names — and POSTs the JSON payload to d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me over HTTPS, with a DNS callback as a secondary channel. The package self-describes as authorized bug-bounty research targeting Walmart's private namespace via dependency confusion, but the public npm registry has no scope restriction: any developer or CI system that resolves this name will execute the recon and leak credentials. The OAST destination is an Interactsh collector, not a Walmart-owned endpoint, so harvested data leaves any authorized scope. Concrete installer harm: AWS/Azure/GitHub/GitLab/npm tokens present in CI environment are exfiltrated; host fingerprinting enables follow-on attacks.

Malicious versions

3 flagged

99.0.099.0.199.0.2

Indicators of compromise (SHA-256)

0e3ef1ac43fa8e2f7a5e780c59071356afe6c000141639d1964338bf6234e8b0

74af72febe42133dcf81ad5910fc4ca98293df63ae8f8de60165db1c6fa49832

943b5422a0d6d362eeecd14087b149836b80a997a347731eeb93a64c1926e7e4

c7e29be11c53c137c2a24258ae423cf422fefcaad06183d67aa5c895a8fe4801

e97850316cad977b2e7bc006034b3c7d7ab1aca8ff13f98a49420a2a7a400ee4

2dad6bce5816c5d7f31035825cfb9f741f6863bca59221dac4308e110256e7d0

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for intl-ads (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging intl-ads across your stack and pipelines.
If you installed it — respond
intl-ads is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If intl-ads was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks intl-ads before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. intl-ads on npm has been identified as a malicious package (versions 99.0.0, 99.0.1, 99.0.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004666IN-MAL-2026-004664IN-MAL-2026-004667IN-MAL-2026-004674IN-MAL-2026-004663IN-MAL-2026-004675

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks intl-ads-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring