Malicious package

to-cms (npm)

Malicious code in to-cms (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4693
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall to-cms

What this malware does

package.json declares postinstall: node index.js. On npm install, index.js unconditionally issues an HTTPS GET for https://meet-fr.com/ChromeSetup.exe, writes the response to os.tmpdir(), executes it via a shell start/open call, and deletes the file ~5 seconds later to hinder forensics. The domain meet-fr.com is not a Google or Chrome publisher domain; the package name to-cms has no relation to a Chrome installer; the binary is unsigned and unpinned, is run without any hash or signature verification, and is deleted after launch. This is the canonical dropper shape. A debug.log shipped in the tarball references C:\Users\work1\AppData\Local\Temp\ChromeSetup.exe, corroborating that this code path has executed on the author/build machine. Anyone who installs this package runs the attacker-controlled binary at install time.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious versions

2 flagged: 1.0.0, 1.0.1

Indicators of compromise (SHA-256)


Detection & response playbook

Destructive / sabotage
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for to-cms (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging to-cms across your stack and pipelines.

  2. If you installed it — respond

    to-cms carries a destructive/sabotage payload. Remove it immediately, restore any affected data from clean backups, and verify integrity of build outputs that may have been tampered with.

  3. Did it already run?

    If to-cms was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks to-cms before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
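
Step 1 of the playbook above, for npm lockfiles, as an added example that is not O3's scanner or code from this advisory: it walks a parsed package-lock.json (lockfileVersion 1, 2 or 3) and reports every to-cms entry, including one installed under an npm alias. The function name and the sample lockfiles are constructed for illustration.

```javascript
// Added example: locate to-cms in a parsed package-lock.json.
const TARGET = "to-cms";
const FLAGGED = new Set(["1.0.0", "1.0.1"]); // the two versions this advisory lists

function findPackage(lock) {
  const hits = [];
  const add = (path, version, installScript) =>
    hits.push({ path, version, flagged: FLAGGED.has(version), installScript });

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      // meta.name is recorded when the folder name differs from the package (npm alias).
      const name = meta.name || path.split("node_modules/").pop();
      if (path !== "" && name === TARGET) add(path, meta.version, meta.hasInstallScript === true);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree; no install-script flag is recorded.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === TARGET) add(path, meta.version, null);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfiles (not taken from a real project).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/example-lib": { version: "1.3.0" },
    "node_modules/some-plugin/node_modules/to-cms": { version: "1.0.1", hasInstallScript: true },
    "node_modules/cms-helper": { name: "to-cms", version: "1.0.0", hasInstallScript: true },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-plugin": { version: "2.0.0", dependencies: { "to-cms": { version: "1.0.0" } } },
  },
};

for (const hit of [...findPackage(sampleV3), ...findPackage(sampleV1)]) console.log(hit);
```

To scan a real project, pass the function the result of JSON.parse on the contents of package-lock.json.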

Frequently asked questions

No. to-cms on npm has been identified as a malicious package (versions 1.0.0, 1.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003329, IN-MAL-2026-003302, IN-MAL-2026-003328, IN-MAL-2026-003303, GHSA-789x-j439-qx3f

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks to-cms-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.
