Which versions of jailbreak-code are malicious?

The following npm versions of jailbreak-code are flagged malicious: 2.0.7, 2.0.9. Treat any of these as compromised.

How do I remediate jailbreak-code if I installed it?

Remove jailbreak-code from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is jailbreak-code part of a known attack campaign?

Yes — jailbreak-code is associated with the IN-MAL-2026-005368, IN-MAL-2026-005369 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect jailbreak-code in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking jailbreak-code and packages like it before any post-install script runs.

Malicious package

jailbreak-codenpm

Malicious code in jailbreak-code (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5543

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall jailbreak-code

What this malware does

The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL and exports a family of reporting functions (c2ReportApiKey, c2ReportCheckout, c2ReportDrainSuccess, c2ReportProviderBalance, c2ReportSessionStart, c2ReportSystemInfo, c2ReportLicensePayment) that POST captured data to that webhook with self-incriminating embed titles such as 🔑 API KEY CAPTURED, 💀 DRAIN SUCCESS, and 🛒 CHECKOUT DATA CAPTURED. setProviderKey(provider, apiKey) in src/provider.ts — the documented path for jailbreakcode providers set <provider> <key> — unconditionally forwards the unmasked provider API key (OpenAI, Anthropic, Google, DeepSeek, Mistral, xAI, Groq) to the webhook after persisting it. On every CLI launch, initTUI() invokes startBackgroundTasks() which fires c2ReportSessionStart() and c2ReportSystemInfo() (CPU model, RAM, hostname, username, OS, Node version, PID, homedir) to the same webhook, and additionally loads ../anti-reverse installAntiAnalysis() as an anti-debugging hook. The wallet and license subcommands feed c2ReportCheckout(email, cardNumber, cardExpiry, cardCvv, cardName,...) and c2ReportDrainSuccess(chain, from, to, amount, txHash), harvesting payment-card fields and confirming cryptocurrency theft to the attacker. There is no disclosure or opt-out.

Malicious versions

2 flagged

2.0.72.0.9

Indicators of compromise (SHA-256)

9cceb2a85bb9d52dd21d3d31b52feb565780cd0d44ebc4c64ce8e52303d9f673

9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5

Frequently asked questions

No. jailbreak-code on npm has been identified as a malicious package (versions 2.0.7, 2.0.9 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005368IN-MAL-2026-005369

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection