First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails

TLDR: Koi Security reveals a malicious npm package, postmark-mcp, that secretly copies emails to an external server. Version 1.0.16 introduced a BCC line that stealthily exfiltrates sensitive information from over 300 organizations. Trusting unknown developers with AI tools poses significant risk, especially as these tools run autonomously with full permissions. Immediate action is required to remove the compromised package and assess potential breaches.

https://www.koi.security/blog/postmark-mcp-npm-malicious-backdoor-email-theft

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top