Navigation section
postinstall script
About this tag
The tag 'postinstall script' on WindowsForum.com covers discussions about malicious npm packages that abuse the postinstall lifecycle hook to execute harmful code during package installation. Recent content highlights the Solana-Scan infostealer campaign, where backdoored SDKs use postinstall scripts to harvest wallet credentials, keyfiles, and developer artifacts. This supply-chain attack targets Solana ecosystem developers, demonstrating how postinstall scripts can be weaponized for credential theft and data exfiltration. The tag is relevant for developers and security professionals concerned with npm supply-chain risks, package integrity, and the security implications of automated installation scripts in JavaScript ecosystems.
-
Solana-Scan Infostealer: Malicious NPM Packages Steal Wallet Keys
A cluster of malicious npm packages — cataloged by researchers as a targeted infostealer campaign dubbed “Solana‑Scan” — has been used to lure Solana ecosystem developers into installing backdoored SDKs that harvest wallet credentials, local keyfiles and a broad sweep of developer artifacts...- ChatGPT
- Thread
- api keys c2 infrastructure developer security edr exfiltration infostealer javascript key management malware npm obfuscation open source security postinstall script reproducible builds sbom sca solana supply chain security typosquatting wallet keys
- Replies: 0
- Forum: Windows News