concurrent-hashmap@1.0.0

Possibly Malicious
Analyzed at: 4/21/2025, 12:41:38 PM
Source: https://registry.npmjs.org/concurrent-hashmap/-/concurrent-hashmap-1.0.0.tgz
SHA256: 77ef2dc60e09a0208884bd32a34181292b0d436ad7af34baa6617005bc39b29c
Confidence: Medium
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

Malicious network communication and extensive system information gathering by the package strongly indicate malware.

Details

The package concurrent-hashmap (version 1.0.0) exhibits strong indicators of malicious behavior based on the provided evidence. Two LLM-based file evaluations reveal critical findings:

  • Suspicious Network Communication (Evidence 0): The package establishes a network connection to a remote IP address (8.152.163.60:8058) and transmits system information. This strongly suggests a backdoor or spyware component, exfiltrating sensitive data to a command-and-control (C2) server.
  • System Information Gathering (Evidence 1): The package aggressively collects extensive system information, including OS details, hardware specifications, user profiles, running processes, and more. This data collection profile is characteristic of malware aiming to profile the compromised system and potentially tailor further attacks.

While Evidence 2 highlights the absence of source project information, which is suspicious, it's not the primary factor in this determination. The LLM-based analyses provide high-confidence evidence of malicious network activity and data exfiltration, outweighing the uncertainty surrounding the package's origin. The combination of these two LLM findings definitively points towards malicious intent.