Malicious package

sea-bound-siren (npm)

Malicious code in sea-bound-siren (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5693
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall sea-bound-siren

What this malware does

The package's postinstall.js fires automatically on npm install and executes a shell pipeline via execFileSync('/bin/sh','-c',...) that collects installer-side data: /app source files (main.rs, Cargo.toml, package.json), full git log/diff/objects, directory listings of /root, /home, /opt, the contents of ~/.npmrc, cron configuration, listening ports, and a recursive grep for HTB{...} flag strings across the filesystem.

The collected data is base64-encoded and PUT to http://154.57.164.64:32271/api/modules/ECT-472839 (and an ECT-839201 endpoint), with a 127.0.0.1:32271 mirror.

The script gates execution to evade analysis: it bails out when the npm registry hostname matches mirror patterns (npmmirror, tencent, nijin, hscan, ustc, huawei, cnpm, taobao), when GITHUB_ACTIONS / RUNNER_OS / CI environment variables are set, or when cwd is /tmp/, and only proceeds when os.hostname() matches a 12-hex-char pattern (Docker container shape) and cwd contains /app. This is targeted credential and source-code exfiltration with anti-sandbox evasion.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious versions

5 flagged
99.0.0, 99.0.1, 99.0.2, 99.0.4, 99.0.5
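
To check whether a project still pins the package, including as a nested transitive dependency, the lockfile can be searched directly. The following is an added example, not code from this advisory or its publisher: the function name findInLockfile and the sample lockfile are constructed for illustration, and only the package name and flagged versions come from this page.

```javascript
// Added example: locate sea-bound-siren in a parsed package-lock.json object.
const PKG = 'sea-bound-siren';
const FLAGGED = new Set(['99.0.0', '99.0.1', '99.0.2', '99.0.4', '99.0.5']);

// Returns [{ path, version, flagged }] for every occurrence of PKG.
// Any hit should be removed; "flagged" marks the versions listed above.
function findInLockfile(lock) {
  const hits = [];
  const add = (path, version) =>
    hits.push({ path, version, flagged: FLAGGED.has(version) });

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split('node_modules/').pop();
    if (name === PKG) add(path, meta.version);
  }
  // lockfileVersion 1 (and the v2 compatibility copy): nested "dependencies".
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      // Skip entries already reported from the "packages" map.
      if (name === PKG && !hits.some((h) => h.path === path)) add(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/some-tool': { version: '2.0.0' },
    'node_modules/some-tool/node_modules/sea-bound-siren': { version: '99.0.4' },
  },
  dependencies: {
    'some-tool': {
      version: '2.0.0',
      dependencies: { 'sea-bound-siren': { version: '99.0.4' } },
    },
  },
};

console.log(JSON.stringify(findInLockfile(sampleLock), null, 2));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json instead of sampleLock. A hit in the lockfile means the postinstall script may already have run on any machine that installed from it.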

Indicators of compromise (SHA-256)


Frequently asked questions

No. sea-bound-siren on npm has been identified as a malicious package (versions 99.0.0, 99.0.1, 99.0.2, 99.0.4, 99.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

GHSA-cp5x-35vp-rj7j, IN-MAL-2026-005756, IN-MAL-2026-005760, IN-MAL-2026-005757, IN-MAL-2026-005761, IN-MAL-2026-005759, IN-MAL-2026-005758

Credits

  • Amazon Inspector · finder

sea-bound-siren (npm) malicious package — MAL-2026-5693 | O3 Security