Postmark-mcp npm backdoor copying outbound emails
Malware Activity
Summary
Hide ▲
Show ▼
The postmark-mcp npm package was found to include a backdoor that silently copied outbound emails, creating a supply-chain risk for users of the MCP server. The malicious code appeared in version 1.0.16 and forwarded messages to phan@giftshop[.]club. The package was later removed from npm after discovery. Anyone who installed it may have exposed sensitive mail content handled by the server.
Related Happenings
Shai-Hulud worm clone activity on NPM
Malware Activity
H score69
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
About this happening:
The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Shai-Hulud worm clone activity on NPM
Malware ActivityAbout this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Inactive maintainer account 'atiertant' hit by network compromise
Incident
H score13
First: 15.05.2026 20:10
Last: 15.05.2026 20:10
Sources 1
About this happening:
The **inactive maintainer account 'atiertant'** for **node-ipc** was **compromised**, enabling malicious package releases that could steal credentials from downstream installation...
Inactive maintainer account 'atiertant' hit by network compromise
IncidentAbout this happening: The **inactive maintainer account 'atiertant'** for **node-ipc** was **compromised**, enabling malicious package releases that could steal credentials from downstream installation...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
H score56
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
CampaignAbout this happening: The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
H score68
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Mini Shai-Hulud npm supply-chain malware wave
Malware ActivityAbout this happening: The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Latest development: 09.06.2026 18:42
On June 5, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after concerns about potential malicious content tied to the Miasma/Shai-Hulud supply-chain campaign. The action disrupted continuous integration pipelines and broke workflows that depended on Azure/functions-action, while Microsoft said it temporarily removed some repositories during its investigation.
Mini Shai-Hulud SAP-related npm supply-chain campaign
Campaign
H score45
First: 29.04.2026 19:26
Last: 29.04.2026 19:26
Sources 1
About this happening:
A new **Mini Shai-Hulud** supply-chain campaign is targeting **SAP-related npm packages**, putting **developer and CI/CD environments** at risk of credential theft and malicious p...
Mini Shai-Hulud SAP-related npm supply-chain campaign
CampaignAbout this happening: A new **Mini Shai-Hulud** supply-chain campaign is targeting **SAP-related npm packages**, putting **developer and CI/CD environments** at risk of credential theft and malicious p...
Latest development: 12.05.2026 11:50
Mini Shai-Hulud expands beyond the original SAP-related npm packages to compromise TanStack, UiPath, Mistral AI, OpenSearch, Guardrails AI, and DraftLab packages across npm and PyPI, with malicious payloads using router_init.js, GitHub Actions abuse, and exfiltration to filev2.getsession[.]org, api.masscan[.]cloud, or attacker-controlled GitHub repositories.
Timeline
-
29.09.2025 11:36 1 articles · 9mo ago
postmark-mcp replica uploaded to npm
Technical Analysis UpdateA developer using the handle phanpak uploaded a lookalike postmark-mcp npm package that copied the official Postmark Labs library.
Show sources
- First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package — thehackernews.com — 29.09.2025 11:36
-
29.09.2025 11:36 1 articles · 9mo ago
Backdoor added in postmark-mcp version 1.0.16
Technical Analysis UpdateVersion 1.0.16 of postmark-mcp introduced a one-line backdoor that BCC'd every outbound email to phan@giftshop[.]club, creating a supply-chain exfiltration path for sensitive communications.
Show sources
- First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package — thehackernews.com — 29.09.2025 11:36
-
29.09.2025 11:36 2 articles · 9mo ago
Koi Security identifies the malicious MCP server
Initial DisclosureKoi Security identified postmark-mcp as the first real-world malicious MCP server and warned that it had been silently copying every outbound email to phan@giftshop[.]club, exposing sensitive communications and prompting users to remove the package and review BCC traffic.
Show sources
- First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package — thehackernews.com — 29.09.2025 11:36
- First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package — thehackernews.com — 29.09.2025 11:36