Supply-chain threat intelligence
Risk score: 92
Indexed incident for cryptodao-signer (npm).
On npm install, the package's postinstall hook executes recon.js, which enumerates a hardcoded list of credential-bearing environment variables (AWS_SECRET_ACCESS_KEY, NPM_TOKEN, SSH_PRIVATE_KEY, MNEMONIC, GitLab tokens, DB_PASSWORD, etc.), reads .env files from common project and CI paths while grepping for KEY/SECRET/TOKEN/PASS/PRIVATE/MNEMONIC, lists build directories (/builds/, /home/gitlab-runner/builds/, /tmp/, /var/lib/gitlab-runner/), and collects host fingerprint data (hostname, platform, user, cwd).

The collected payload is POSTed over HTTPS with TLS verification disabled (rejectUnauthorized: false) to two attacker-controlled collectors: webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd and enqoojbegdvxj.x.pipedream.net.

The package is published at version 99.99.99 with a self-description of 'CryptoDAO internal' and an in-source comment labeling itself a 'Dependency Confusion Reconnaissance Payload'. This is the canonical dependency-confusion shape, designed to win resolution against a private internal package of the same name.

Installer harm is immediate and severe: any CI/CD environment that resolves this package will leak credentials sufficient for cloud account takeover, npm package hijack, source code access, and wallet theft.
The OpenSSF Package Analysis project identified 'cryptodao-signer' @ 99.99.99 (npm) as malicious.
It is considered malicious because:
Affected versions
Indicators
Timeline