THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · typosquatting · osv

Malicious code in @bancolonbia/menu-filter-widget-web (npm)

@bancolonbia/menu-filter-widget-web

Risk score

92

AI summary

Indexed incident for @bancolonbia/menu-filter-widget-web (npm).

Description

package.json declares `scripts.postinstall: node ./callback.js`, which runs automatically on `npm install`. callback.js reads the installer's hostname and transmits it to a hardcoded Burp Collaborator domain (3y294ed4dfq501wnmdvbakcnwe25qvek.oastify.com) over two channels: an HTTPS GET to `/<token>/<encodeURIComponent(host)>` and a DNS lookup against a subdomain that encodes the same token and hostname. The package describes itself as an "authorized security research PoC", but it is published under the @bancolonbia scope (a likely typosquat of the Bancolombia corporate namespace), which matches the classic dependency-confusion shape: a private-looking scoped name registered publicly so that a misconfigured internal build resolves to this package and beacons the victim's identity to the researcher or attacker. Whether or not the operator is authorized by Bancolombia, any third party who installs this package has their hostname exfiltrated to an attacker-controlled Collaborator endpoint without consent.

The OpenSSF Package Analysis project identified '@bancolonbia/menu-filter-widget-web' @ 0.0.1 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Technical details

Affected versions

=0.0.1

Indicators

  • affected version = 0.0.1 · 75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
