A malicious npm package, mimicking the legitimate ‘postmark-mcp’ project, was discovered to exfiltrate users’ email communications. This deceptive package, appearing authentic and available for 15 versions, included a harmful line of code in the 1.0.16 update that redirected all user emails to an external address linked to the developer. This incident, uncovered by Koi Security, highlights vulnerabilities in the Model Context Protocol (MCP) standard, which allows AI assistants to interact with external tools securely. The malicious package was downloaded approximately 1,500 times over a week, potentially compromising sensitive data such as personal communications and financial information. Users who downloaded it are urged to remove the package, rotate credentials, and audit their MCP servers for unusual activity. This case illuminates the need for thorough vetting of project sources, careful code reviews, and sandboxing practices to prevent future exploitation of vulnerabilities in high-privilege environments.
Source link
