
“Email Theft via One-Liner: MCP NPM Package Exposed by Fake Postmark” • The Register


A rogue npm package, “postmark-mcp,” impersonated Postmark’s official Model Context Protocol (MCP) server and covertly siphoned thousands of emails a day. After 15 benign releases that built trust with users, the author introduced a backdoor in version 1.0.16 that BCC’d outgoing messages to an external address. Postmark clarified on September 25 that it was not involved and urged users to uninstall the package, review their email logs for unexpected BCC recipients, and rotate any credentials that had been sent through it. The exact number of affected organizations remains unclear, but Koi Security reported roughly 1,500 downloads per week, so sensitive mail such as password resets and financial documents may have been exposed. The incident highlights weak points in the MCP ecosystem and in open-source package management, above all the risk of granting unverified code broad permissions such as the ability to send mail on an organization’s behalf. In response, GitHub plans to tighten npm registry security with measures such as shorter-lived tokens and mandatory two-factor authentication for local publishing.
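The two checks Postmark asked users to perform, finding the backdoored package in a lockfile and looking for unexpected BCC recipients in sent-mail logs, can be scripted. The following is an added example written for this page, not code from The Register, Postmark or Koi Security: the version threshold (1.0.16) comes from the article, the lockfile layout is the standard package-lock.json v1/v2/v3 format, and the log-line format and recipient addresses are constructed placeholders, not the real exfiltration address.

```javascript
// Added example: triage helpers for the postmark-mcp incident.
// Assumptions: package-lock.json v1 (nested "dependencies") or v2/v3 (flat
// "packages"), and a hypothetical sent-mail log format constructed below.

const BACKDOORED_PACKAGE = "postmark-mcp";
const FIRST_BAD_VERSION = "1.0.16"; // first release carrying the BCC backdoor, per the article

// "1.0.16" -> [1, 0, 16]; a leading "^" or "~" range marker is ignored.
function parseVersion(v) {
  return v.replace(/^[^\d]*/, "").split(".").map((x) => parseInt(x, 10) || 0);
}

// True when version a is >= version b (major.minor.patch only).
function versionAtLeast(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x > y;
  }
  return true;
}

// Returns every installed copy of postmark-mcp at or above the first bad
// version. v2/v3 lockfiles also carry a legacy "dependencies" tree, so the
// nested walk is only used when the flat "packages" map is absent.
function findBackdooredInstalls(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${BACKDOORED_PACKAGE}`) && meta.version &&
          versionAtLeast(meta.version, FIRST_BAD_VERSION)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === BACKDOORED_PACKAGE && meta.version &&
          versionAtLeast(meta.version, FIRST_BAD_VERSION)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Scans sent-mail log lines for BCC recipients outside the allowed domains.
// Log format is a constructed example: "<timestamp> to=<addr> bcc=<addr,addr>".
function findExternalBcc(logLines, allowedDomains) {
  const allowed = new Set(allowedDomains.map((d) => d.toLowerCase()));
  const findings = [];
  for (const line of logLines) {
    const m = line.match(/^(\S+)\s+to=(\S+)\s+bcc=(\S*)/);
    if (!m) continue; // skip lines that are not send records
    const [, ts, to, bcc] = m;
    const external = bcc.split(",")
      .filter((addr) => addr && !allowed.has((addr.split("@")[1] || "").toLowerCase()));
    if (external.length) findings.push({ ts, to, bcc: external });
  }
  return findings;
}

// Constructed sample inputs (not real data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/postmark-mcp": { version: "1.0.16" },
    "node_modules/postmark": { version: "4.0.5" },
  },
};
const SAMPLE_LOG = [
  "2025-09-24T08:01:02Z to=alice@corp.example bcc=",
  "2025-09-24T08:02:10Z to=bob@corp.example bcc=audit@corp.example,collector@exfil.example",
  "2025-09-24T08:03:00Z bounce id=42", // not a send record
];

console.log(JSON.stringify(findBackdooredInstalls(SAMPLE_LOCK)));
console.log(JSON.stringify(findExternalBcc(SAMPLE_LOG, ["corp.example"])));
```

Run it against a real package-lock.json with `JSON.parse(fs.readFileSync(...))` and against an export of your provider's message log after adapting the regex to that log's field names; the domain allowlist should contain only domains you control, so any BCC outside it surfaces for review.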
