Supply-chain threat intelligence
Risk score
92
Indexed incident for cryptodao-utils (npm).
package.json declares postinstall: node recon.js, which runs automatically on every npm install. recon.js harvests host information and a curated list of credential-bearing environment variables (AWS_SECRET_ACCESS_KEY, NPM_TOKEN, GITLAB_ACCESS_TOKEN, CI_JOB_TOKEN, SSH_PRIVATE_KEY, DB_PASSWORD, PRIVATE_KEY, MNEMONIC, SEED_PHRASE, DOCKER_PASSWORD, and others), grep-reads .env files at common locations on the installing host for KEY/SECRET/TOKEN/PASS/PRIVATE/MNEMONIC lines, and POSTs the collected bundle to two attacker-controlled endpoints: https://webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd and https://enqoojbegdvxj.x.pipedream.net/. The HTTPS requests are issued with rejectUnauthorized: false, disabling certificate validation so that exfiltration still succeeds behind a TLS-intercepting proxy. The package self-identifies in source comments as a 'CryptoDAO Dependency Confusion Reconnaissance Payload' and is published at version 99.99.99, the canonical shape used to outrank an internal cryptodao-utils package during registry resolution. Combined, this is a complete dependency-confusion credential-harvest attack against any installer whose build pipeline resolves the public name.
The OpenSSF Package Analysis project identified 'cryptodao-utils' @ 99.99.99 (npm) as malicious.
It is considered malicious because:
Affected versions
Indicators
Timeline