Thursday, September 25, 2025

Reports Indicate Malicious AI Agent Server Compromises Email Security

A recent update to the Postmark Model Context Protocol (MCP) Server has turned malicious, according to a report by Koi Security. The widely used server, which had over 1500 weekly downloads on npm, was initially a reliable way to deploy AI agents that manage email. Version 1.0.16, however, introduced code changes that allowed the server to copy users’ emails to the developer’s personal server. The developer, known as @phanpak, created the MCP implementation for Postmark email services but deleted the malicious package from npm after the report. The compromise potentially affected 3,000 to 15,000 emails per day from approximately 300 organizations. Koi Security emphasized a systemic vulnerability within the MCP ecosystem: organizations grant extensive automated access to unverified tools, which highlights a crucial need for stronger security measures. Users of Postmark MCP Server v1.0.16 or later are advised to remove the package immediately and rotate any exposed credentials to mitigate the risk.
