Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in atlasora-types (npm)

atlasora-types

Risk score

92

AI summary

Indexed incident for atlasora-types (npm).

Description

On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to a hardcoded attacker-controlled endpoint at https://webhook.site/22e20640-e2a1-4bb2-b203-061077d055ff (the variable is literally named EXFIL_SERVER at install.js:11). Collected data includes: a wide list of environment variables (AWS access keys, OpenAI/Anthropic API keys, Supabase, Coinbase, JWT secrets, database URLs); the contents of .env files in the current working directory and its parent directories; every file in ~/.ssh whose contents contain 'PRIVATE' or 'KEY' (i.e. private SSH keys); ~/.aws/credentials; ~/.npmrc (including auth tokens); and git config. Host identity (os.hostname(), os.userInfo()) and the output of commands run via execSync are also gathered. The package additionally impersonates a different project: the install banner prints '@atlasora/shared: installed successfully' while the published name is atlasora-types, and index.js is a placeholder exporting only name/version. The package has no legitimate functionality, only the credential-stealing payload.

Technical details

Affected versions

= 1.0.0

Indicators

  • affected version = 1.0.0 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents