`@marketfront` dependency-confusion Wave 4 — 25 npm packages batch-published at `7.0.0` reuse the "Internal package — Platform Engineering Team" lure
On 2026-07-01 22:59 UTC the npm account marketfront created the @marketfront scope and batch-published 25 e-commerce / marketing-frontend packages in a ~3-minute window, all at version 7.0.0. Every package carries a postinstall credential-file harvester (~20 secret files including ~/.ssh, ~/.aws/credentials, ~/.kube/config, ~/.npmrc, ~/.env) and the identical README lure "Internal package — Platform Engineering Team" — Wave 4 of the SafeDep-tracked oob.moika.tech operator lineage.
- Detected by
- SafeDep
- Also known as
- oob.moika.tech Wave 4 · marketfront campaign · Internal package — Platform Engineering Team lure
- Ecosystems
- npm
- Packages tracked
- 8
What happened
On 2026-07-01 22:59:33 UTC, the npm account marketfront created the @marketfront scope and, within a roughly three-minute window, batch-published 25 packages — every one at version 7.0.0. SafeDep's Abhisek Datta published the analysis on 2026-07-01 and tracks this as Wave 4 of a multi-wave dependency-confusion campaign run by a single operator who rotates disposable npm accounts and email identities. The prior aliases in the same lineage are mr.4nd3r50n, pik-libs, t-in-one, and emcd-vue.
The lure is constant, the payload evolves
The README of every package in the batch contains the same string:
> Internal package — Platform Engineering Team
SafeDep has observed this exact marker on packages published by all four prior accounts. The behaviour behind it, however, is not constant: earlier waves ran a broad process.env beacon; Wave 4 is a targeted credential-file harvester with an RC4-hidden command-and-control host. The payload dynamically requires fs, os, http, https, zlib, path, and dns, reads roughly twenty credential and secret files (~/.ssh, ~/.aws/credentials, ~/.kube/config, ~/.docker/config.json, ~/.npmrc, ~/.netrc, ~/.pgpass, ~/.git-credentials, ~/.env, plus shell history), and exfiltrates the collected data as a gzip-compressed HTTPS POST with a custom X-Secret header to the path /api/v1/events. A DNS-resolver beacon runs alongside the HTTPS POST, so even hosts that block outbound https: to unknown destinations can still leak metadata via the resolver channel.
Package naming — a marketplace / livestream-commerce clone
The 25 slugs read as the frontend modules of an online marketplace. SafeDep publicly names eight of the twenty-five:
@marketfront/header@marketfront/footer@marketfront/navbar@marketfront/bannerpopup@marketfront/customdealsfeed@marketfront/fashiononboardingpopup@marketfront/livestreampreviewpopup@marketfront/designsystemdevtool
The seventeen unenumerated members of the batch are not disclosed in publicly indexed excerpts of the SafeDep report; defenders should treat every dependency in the @marketfront/* scope as suspect regardless of module name, and block the entire scope at any private registry proxy.
Dependency-confusion mechanics
7.0.0 was picked as a version that beats any plausible internal release in the 0.x – 6.x range. If the target organisation's internal Artifactory / Nexus / Verdaccio ever falls through to the public npm registry — because of a mis-scoped .npmrc, a CI runner that lost its private-mirror auth, or a fresh Docker image without the internal mirror configured — the public @marketfront/<name>@7.0.0 wins SemVer resolution and the postinstall harvester runs.
Campaign lineage — Wave 1 through Wave 4
- Wave 1 (2026-05-28) — accounts
mr.4nd3r50n,ce-rwb,t-in-onepush@cloudplatform-single-spa,@t-in-one,@ce-rwb,@wb-track,@data-science,@payments-widget,@travel-autotests,@capibar.chat,@sber-ecom-core. Payload is aprocess.envdump tooob.moika.tech/reportwith anX-Secretheader. Documented by Microsoft and Aikido; catalogued atnpm-2026-05-28-moika-dependency-confusion. - Waves 2–3 (May – June 2026) — accounts
pik-libsandemcd-vuecontinue the pattern under fresh scopes; the "Internal package — Platform Engineering Team" README marker stays constant. - Wave 4 (2026-07-01) — account
marketfront, scope@marketfront, 25 packages at7.0.0. Payload has hardened into a 20-file credential harvester with an RC4-hidden C2,X-Secretheader,/api/v1/eventssink, plus a DNS resolver beacon.
Attribution
SafeDep attributes all four waves to a single operator based on: identical README lure across every wave; identical publish tempo (3-minute batch bursts); reuse of X-Secret as the exfil header name; and scope-creation-then-batch-publish rhythm. The operator has not been claimed by, or attributed to, any named nation-state or crimeware group. No formal GHSA record for the @marketfront/* batch is public as of 2026-07-04.
Affected packages (8)
- npm
@marketfront/bannerpopup7.0.0 - npm
@marketfront/customdealsfeed7.0.0 - npm
@marketfront/designsystemdevtool7.0.0 - npm
@marketfront/fashiononboardingpopup7.0.0 - npm
@marketfront/footer7.0.0 - npm
@marketfront/header7.0.0 - npm
@marketfront/livestreampreviewpopup7.0.0 - npm
@marketfront/navbar7.0.0
Impact
- Postinstall hook (
node scripts/postinstall.js) dumps roughly 20 credential and secret files —~/.sshprivate keys,~/.aws/credentials,~/.kube/config,~/.docker/config.json,~/.npmrc,~/.netrc,~/.pgpass,~/.git-credentials,~/.env, and shell history — as a gzip-compressed HTTPSPOST /api/v1/eventswith a customX-Secretheader - Payload is an obfuscator.io-style single-line stager that dynamically requires
fs,os,http,https,zlib,path, anddns; the C2 host is RC4-hidden and resolved at runtime so a static grep on package source misses it - Adds a DNS-resolver beacon channel alongside the HTTPS POST — even egress firewalls that block outbound
https:to unknown hosts may still leak metadata via DNS lookups the resolver performs - Dependency-confusion targeting: the 25 slugs (
@marketfront/header,@marketfront/footer,@marketfront/navbar,@marketfront/bannerpopup,@marketfront/customdealsfeed,@marketfront/fashiononboardingpopup,@marketfront/livestreampreviewpopup,@marketfront/designsystemdevtool, plus 17 more not publicly enumerated) read as the internal frontend modules of a marketplace or livestream-commerce platform — the operator picked a very specific corporate namespace and mirrored its plausible module list - Version
7.0.0was chosen so any private-mirror release in the realistic0.x–6.xrange loses SemVer resolution against the public7.0.0if the client ever falls through to the public registry - Same operator lineage as the 2026-05-28
oob.moika.techburst (Microsoft-tracked, aliasesmr.4nd3r50n/ce-rwb/t-in-one) and the 2026-05-28vpmdhajOpenSearch typosquats — the "Internal package — Platform Engineering Team" README marker has been constant across waves while the payload evolved from aprocess.envbeacon (Wave 1) into the current 20-file credential harvester with an RC4-hidden C2 (Wave 4) - Payload analysis is identical across the sampled packages in the batch — consistent with a scripted publish, not per-package development. Anyone whose CI or dev machine resolved a
@marketfront/*7.0.0between 2026-07-01 23:00 UTC and takedown should treat every credential the host could reach as compromised
What to do
- 1Audit every
package.json, lockfile,.npmrc, and CI image layer for any dependency under@marketfront/*— see the packages map below for the eight confirmed names, and block the entire@marketfrontscope at your registry proxy so the seventeen unenumerated packages in the batch are also caught - 2If your build ever resolved
7.0.0of any@marketfront/*package: treat the build runner and any artefact it produced as fully compromised. Rotate SSH keys,~/.aws/credentials,~/.kube/config,~/.docker/config.json, npm tokens, git credentials, and any secret present in~/.envor the shell environment — from a separate clean device - 3Register every internal
@scopeyour organisation uses on the public npm registry (even as a stub) so a future Wave-5 squat under a fresh scope cannot resolve — this is the only durable defence against theoob.moika.techoperator's playbook - 4Pin your registry: use
.npmrcto route every internal@scopeto your internal mirror exclusively (e.g.@marketfront:registry=https://internal/) so the public-registry path is never queried for those scopes - 5Hunt outbound HTTPS
POSTrequests to any/api/v1/eventspath with a customX-Secretheader from CI runners or developer workstations, and hunt DNS queries for any resolver beacon pattern originating from a Node.js process context during the exposure window (2026-07-01 22:59 UTC → npm take-down) - 6Run
npm ci --ignore-scripts(or the pnpm / yarn equivalent) in CI for any build that does not need lifecycle scripts — the postinstall harvester is the entire execution vector for this cluster
References
- SafeDep@marketfront: 25 npm Packages Reuse a Known Luresafedep.io
- SafeDepCampaigns — SafeDep Threat Intelligencesafedep.io
- SafeDep164 npm Packages Target Cloud and Finance via oob.moika.techsafedep.io
- Microsoft Threat IntelligenceMalicious npm packages abuse dependency confusion to profile developer environments (Wave 1 disclosure)microsoft.com