Malicious package

noderzero (npm)

Malicious code in noderzero (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5897
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall noderzero

What this malware does

noderzero is a self-described 'stealth assistant' that exfiltrates clipboard contents and full-screen screenshots to a hardcoded, author-controlled endpoint.

client/noderzero.py defines API_URL = 'https://noderzero.vercel.app/api' and (a) polls pyperclip.paste() every 300 ms, POSTing every change to that URL as {text:...}, and (b) on a hotkey captures full-screen images via PIL.ImageGrab.grab(), base64-encodes them, and POSTs them to the same URL. The destination is fixed in source; the user cannot redirect or disable it.

The Python tool is not optional: launcher.js calls launch() at the bottom of the file (top level), so merely calling require('noderzero') triggers a chain that runs winget install Python.Python.3.12 --silent or downloads python-3.12.3-amd64.exe from python.org to %TEMP% and executes it with /quiet, then runs an unpinned pip install pyperclip keyboard requests pillow pyautogui --quiet, then spawns the Python payload.

The UI is built to evade observation: an overrideredirect(True) topmost transparent window, keyboard.add_hotkey('ctrl+q', self.panic_exit), keyboard.on_press(suppress=True), and pyautogui-driven human-like typing. The combination of stealth UI, global keyboard hooks, clipboard scraping, screen capture, and hardcoded outbound POSTs makes this a surveillance/keylogger-grade exfiltrator that benefits the attacker: all captured data flows to the author's endpoint.

Malicious versions

4 flagged
1.0.1, 1.0.2, 1.0.3, 1.0.5

Indicators of compromise (SHA-256)

20cc131b4ac008bdd52a408fdc384362040cc3af59d33bef5ed26a7bbb12c9a0
f9fa08be36ae12861809af052871d79536e7ed601c90bb2cff80fa0371e2c4ce
77f04f5a70d5a2bc06e943b3e39979f82c25452cf962db59b10e8f772d936002
d396fe60e1b017899f271a36f6b803adde50338ee1bd55fda728d5dded59f787

Frequently asked questions

No. noderzero on npm has been identified as a malicious package (versions 1.0.1, 1.0.2, 1.0.3, 1.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006761, IN-MAL-2026-006758, IN-MAL-2026-006759, IN-MAL-2026-006760

Credits

  • Amazon Inspector · finder

noderzero (npm) malicious package — MAL-2026-5897 | O3 Security