Which versions of menu-filter-widget-web are malicious?

The following npm versions of menu-filter-widget-web are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate menu-filter-widget-web if I installed it?

Remove menu-filter-widget-web from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is menu-filter-widget-web part of a known attack campaign?

Yes — menu-filter-widget-web is associated with the IN-MAL-2026-005238, IN-MAL-2026-005237 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect menu-filter-widget-web in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking menu-filter-widget-web and packages like it before any post-install script runs.

Malicious package

menu-filter-widget-webnpm

Malicious code in menu-filter-widget-web (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5486

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall menu-filter-widget-web

What this malware does

package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname() and sends it to a hardcoded oastify.com (Burp Collaborator) URL via HTTPS GET, with a fallback DNS lookup that embeds the hostname as a subdomain label. Both channels carry a unique token plus the installer's hostname, registering the install with a remote attacker-controlled collaborator on every install. The package self-describes as a 'PoC' but is published to the public registry, so any installer leaks host identity automatically without consent.

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

6dbcaf0b132c21e578d8caafa01a8740d4c1aa8ef82f9cdeaaf46536027a9d92

bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce

Frequently asked questions

No. menu-filter-widget-web on npm has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005238IN-MAL-2026-005237

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection