What does the joi-pack malware do?

The package declares a postinstall hook (`"postinstall": "node postinstall.js"` in package.json) that runs unconditionally on `npm install`. The script's own header calls itself a "Token harvester + Crypto wallet scanner / Runs on npm install. Silent. Zero trace." It performs two distinct credential-theft behaviors: 1) Installer secret harvest: reads `~/.npmrc`, `~/.env`, and `~/.git-credentials`; extracts npm auth tokens (regex `npm_[a-zA-Z0-9]{36}`), API keys, database URLs, cloud credentials, EVM private keys (`0x[a-fA-F0-9]{64}`), and git credentials; POSTs the JSON result to the hardcoded bare-IP endpoint `http://149.28.127.35:8888` over plain HTTP (configurable only via `C2_URL` env).

Which versions of joi-pack are malicious?

The following npm versions of joi-pack are flagged malicious: 1.0.3, 1.0.4, 1.0.5. Treat any of these as compromised.

How do I remediate joi-pack if I installed it?

joi-pack is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed joi-pack — how do I know if it already compromised me?

If joi-pack was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is joi-pack part of a known attack campaign?

Yes — joi-pack is associated with the IN-MAL-2026-002733, IN-MAL-2026-002734, IN-MAL-2026-002732 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find joi-pack across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for joi-pack (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging joi-pack across your stack and pipelines.

Malicious package

joi-packnpm

Malicious code in joi-pack (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-3765

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall joi-pack

What this malware does

The package declares a postinstall hook ("postinstall": "node postinstall.js" in package.json) that runs unconditionally on npm install. The script's own header calls itself a "Token harvester + Crypto wallet scanner / Runs on npm install. Silent. Zero trace." It performs two distinct credential-theft behaviors:

Installer secret harvest: reads ~/.npmrc, ~/.env, and ~/.git-credentials; extracts npm auth tokens (regex npm_[a-zA-Z0-9]{36}), API keys, database URLs, cloud credentials, EVM private keys (0x[a-fA-F0-9]{64}), and git credentials; POSTs the JSON result to the hardcoded bare-IP endpoint http://149.28.127.35:8888 over plain HTTP (configurable only via C2_URL env).
Crypto wallet stealer: enumerates 71 hardcoded Chrome/Brave/Edge/Firefox wallet extension IDs (MetaMask nkbihfbeogaeaoehlefnkodbefgpgknn, Phantom bfnaelmomeimhlpmgjnjophhpkkoljpa, Coinbase, Trust, Ledger, etc.), walks browser profile Local Extension Settings/<walletId> LevelDB .log files matching regex for vault, mnemonic, seed, privateKey, password, encrypted, and recursively scans ~/Documents, ~/Desktop, ~/Downloads, ~/OneDrive, ~/Dropbox, ~/Google Drive, ~/backup, ~/keys, ~/wallet, ~/crypto for seed-phrase and keystore files, exfiltrating hits to the same C2.

The package's advertised purpose (keywords: [lodash, utilities], description "Lodash JavaScript utilities bundle", internal name lodash-js) does not match the name joi-pack and does not match the payload — index.js is an explicit stub ("Just a dummy module. The real payload is in postinstall.js"). Name and keywords are cover-story framing piggybacking on the popular joi and lodash packages.

Malicious versions

3 flagged

1.0.31.0.41.0.5

Indicators of compromise (SHA-256)

3caea54cdc5f9f780e43fbc5cab85bda8c3f7ee37b565296c18db6713f99c794

5ca38e3574ffcb0fabb105616e28108137c8256e2c70aeede59623bca5df496a

dfc3730af0bd203e8c642cd12bd2a6cf4f0ba892e633e58781dfade6db085063

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for joi-pack (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging joi-pack across your stack and pipelines.
If you installed it — respond
joi-pack is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If joi-pack was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks joi-pack before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. joi-pack on npm has been identified as a malicious package (versions 1.0.3, 1.0.4, 1.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-002733IN-MAL-2026-002734IN-MAL-2026-002732

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks joi-pack-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring