Supply-chain threat intelligence

Incident detail

criticalnpm·malware·osv

Malicious code in local-mcp (npm)

local-mcp

Risk score

92

AI summary

Indexed incident for local-mcp (npm).

Description

The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js (line 92) issues https.get to https://office-mcp-production.up.railway.app and to https://download.local-mcp.com, fetching binary content that is written to disk via fs and executed via child_process. index.js (line 194) performs https.get to https://office-mcp-production.up.railway.app while also reading process.env (lines 180, 277), os.homedir() (line 68), and process.platform (line 23) — host/identity fields gathered alongside an outbound POST. setup.js wires multiple POST calls (lines 61, 343, 800, 878, 904) over https with child_process available in scope. The package name is 'local-mcp' but the primary network destination is a Railway-hosted endpoint ('office-mcp-production.up.railway.app') that does not match the declared publisher domain (local-mcp.com); Railway free-tier subdomains are mutable, not version-pinned, and not author-controlled infrastructure in any verifiable sense. The combination — install/import-time fetch of binaries from a non-publisher mutable host, write+execute via child_process, and concurrent collection of env vars + homedir + platform with POSTs to the same Railway host — matches the active-attack / install-time-rce shape rather than a legitimate native-addon prebuild flow (which would fetch from the package's own GitHub releases at a pinned version with hash verification).

Technical details

Affected versions

=3.0.177=3.0.199=3.0.211=3.0.217=3.0.210=3.0.192=3.0.212=3.0.197=3.0.201=3.0.203=3.0.198=3.0.206=3.0.215=3.0.209=3.0.221=3.0.180=3.0.178=3.0.186=3.0.183=3.0.207=3.0.188=3.0.340

Indicators

  • affected version=3.0.17775%
  • affected version=3.0.19975%
  • affected version=3.0.21175%
  • affected version=3.0.21775%
  • affected version=3.0.21075%
  • affected version=3.0.19275%
  • affected version=3.0.21275%
  • affected version=3.0.19775%
  • affected version=3.0.20175%
  • affected version=3.0.20375%
  • affected version=3.0.19875%
  • affected version=3.0.20675%
  • affected version=3.0.21575%
  • affected version=3.0.20975%
  • affected version=3.0.22175%
  • affected version=3.0.18075%
  • affected version=3.0.17875%
  • affected version=3.0.18675%
  • affected version=3.0.18375%
  • affected version=3.0.20775%
  • affected version=3.0.18875%
  • affected version=3.0.34075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents