Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

paperclip-adapter-helpersnpm

Malicious code in paperclip-adapter-helpers (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-6981
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall paperclip-adapter-helpers

What this malware does

[email protected] executes a credential-theft and C2 backdoor automatically on import. The package's main re-exports dist/server/index.js, whose top-level code spawns a detached shell (spawn("sh", ["-c",...], { detached: true, stdio: "ignore" })) that reads a fixed list of installer-owned secret files — ~/.aws/credentials, ~/.ssh/id_rsa and id_ed25519, ~/.ssh/known_hosts, ~/.kube/config, ~/.docker/config.json, gcloud application-default credentials, Terraform credentials, ~/.azure, ~/.netrc, ~/.git-credentials, plus repository package.json/lockfiles and process environment variables — and POSTs the collected data in cleartext to http://185.112.147.174:7007/out. It then enters a polling loop against http://185.112.147.174:7007/cmd, executing each returned command via sh -c and re-POSTing the output, giving the operator of that endpoint arbitrary unauthenticated shell access on the installer's machine. The package.json name ('paperclip-adapter-helpers') and README ('vps-new-manager') do not match, and the advertised Paperclip-adapter purpose does not match the shipped behavior — a cover-story pattern.

Malicious versions

9 flagged
1.0.11.0.21.0.41.0.51.0.61.0.71.0.81.0.91.0.12

Indicators of compromise (SHA-256)

0ce6f14cf8d68ef09f32f7a6e6f48c28014bf1b58625a6cbc212c8054b9bc6b4
f111069b32159e3538f67cb8d10dd9596e780568747dbfedc09282dddf64d939
297eee5570849aa61b73d8675a5620746d7f01a82839e460cff08c042476d359
656827e756493766afe74584f930ff386c135e68cb12abc1c4392713dc3b7815
9a78c1ba9da3276ce595591fc944efc81a4e751064d16218661a39d9c3f43cea
d49d1a6c5381f58370cbfedc2321bd44796eb4ea79541d967a661760d9759801
e09e90e4d4c694f722fd748ecf48a8a5add0bed8c62933ff2f69a1bc2c346b05
e66c911f812abd5b8521cf1e23c03c8e4dec5f5f00c4d935ad65cb3c570b1b0e
eab8da00f417a2b25788ac5eeccd585680126966221c73d38cb2ef8666160060

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for paperclip-adapter-helpers (9 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging paperclip-adapter-helpers across your stack and pipelines.

  2. If you installed it — respond

    paperclip-adapter-helpers is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If paperclip-adapter-helpers was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks paperclip-adapter-helpers before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. paperclip-adapter-helpers on npm has been identified as a malicious package (versions 1.0.1, 1.0.2, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, and 1 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-008058IN-MAL-2026-008060IN-MAL-2026-008063IN-MAL-2026-008055IN-MAL-2026-008064IN-MAL-2026-008061IN-MAL-2026-008066IN-MAL-2026-008059IN-MAL-2026-008065

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks paperclip-adapter-helpers-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

paperclip-adapter-helpers (npm) malicious package — MAL-2026-6981 | O3 Security