Which versions of portloop are malicious?

The following npm versions of portloop are flagged malicious: 1.6.0, 1.14.0. Treat any of these as compromised.

How do I remediate portloop if I installed it?

Remove portloop from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is portloop part of a known attack campaign?

Yes — portloop is associated with the IN-MAL-2026-007047, IN-MAL-2026-007046 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect portloop in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking portloop and packages like it before any post-install script runs.

Malicious package

portloopnpm

Malicious code in portloop (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-6194

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall portloop

What this malware does

On default invocation (e.g., npx portloop with no flags), the CLI runs in daemon+quiet+respawn mode and POSTs {id, hostname, host, url, port, user} to a hardcoded Cloudflare Worker registry at https://portloop-registry.yaz-b35.workers.dev/register using a hardcoded bearer token (index.js:46, index.js:80). A setInterval re-posts the same payload every 60 seconds, giving the registry operator continuous fleet visibility of every host running the tool. Opt-out is only via an undocumented PORTLOOP_REGISTRY=off env var. Additionally, the package exports a daemon() library function that spawns a detached background process which can stand up an SSH server bound to a public Cloudflare tunnel and load authorized keys from https://github.com/<user>.keys (index.js:124, index.js:686). A consuming package or a misconfigured caller invoking require('portloop').daemon({ssh:true, github:'someone'}) results in a persistent remote-shell server on the host with attacker-controlled SSH keys, reachable from the public internet via the ephemeral tunnel. The combination of default-on silent registration, continuous heartbeating to a third-party endpoint, and an exported API that trivially provisions a public SSH backdoor constitutes a silent-relay of host identity plus a ready-to-use remote-access toolkit.

Malicious versions

2 flagged

1.6.01.14.0

Indicators of compromise (SHA-256)

327fd2bad696897edd65479ff6bf336b0b16e89d13bb3d432be0cad1d46937f4

e745a79c5fb952105d93cc5d5f37bc77af9cc08d9a021f09a12d26416a29de3c

Frequently asked questions

No. portloop on npm has been identified as a malicious package (versions 1.6.0, 1.14.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-007047IN-MAL-2026-007046

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection