Which versions of pc-optimizer are malicious?

The following npm versions of pc-optimizer are flagged malicious: 1.0.1, 1.0.2, 1.0.9. Treat any of these as compromised.

How do I remediate pc-optimizer if I installed it?

Remove pc-optimizer from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is pc-optimizer part of a known attack campaign?

Yes — pc-optimizer is associated with the IN-MAL-2026-005748, IN-MAL-2026-005750, IN-MAL-2026-005749 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect pc-optimizer in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking pc-optimizer and packages like it before any post-install script runs.

Malicious package

pc-optimizernpm

Malicious code in pc-optimizer (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5653

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall pc-optimizer

What this malware does

The package's collect.js imports child_process, fs, http, https, and os, reads host identifiers via os.hostname() and os.homedir(), inspects local filesystem paths via fs.existsSync, and POSTs collected data to a hardcoded external endpoint at http://aab.sportsontheweb.net. The destination is not a registry, vendor SDK host, or documented service — it is an unrelated third-party domain bound to a POST in install/load-reachable code. The combination of system enumeration (hostname, homedir, child_process), filesystem inspection, and a hardcoded non-publisher exfiltration endpoint is the canonical host-information stealer fingerprint and provides direct attacker benefit (host fingerprinting + arbitrary collected data shipped off-host).

Malicious versions

3 flagged

1.0.11.0.21.0.9

Indicators of compromise (SHA-256)

9f3f55c554f0b1b48f8ebaa1b8ee6a9d005c972fa06bef7c9727946e5d422aa4

f046d16052b9121c55f2fd5e6eb2be90ce24e7b007efca3c2a9e7f64dab8f6bf

f1dd847960d4aa149ddf901c3b85fa93f3ef2b50d5dfeb64ba3b4599f23ed3aa

Frequently asked questions

No. pc-optimizer on npm has been identified as a malicious package (versions 1.0.1, 1.0.2, 1.0.9 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005748IN-MAL-2026-005750IN-MAL-2026-005749

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection