A malicious npm package masquerading as the official Postmark MCP Server has been exfiltrating user emails to an external server.
This fake “postmark-mcp” module, available on npm from versions 1.0.0 through 1.0.15, built trust over 15 incremental releases before dropping a backdoor in version 1.0.16.
The stealthy payload consisted of a single line of code that silently BCC’d every outbound email to the attacker’s domain.
Postmark-mcp BCC Email Exfiltration Attack
According to Postmark the attacker published the “postmark-mcp” package under the guise of ActiveCampaign’s Postmark MCP Server library.
By aligning naming, versioning, and package description with legitimate Postmark conventions, the malicious actor evaded cursory scrutiny.
Developers integrating MCP services via npm install postmark-mcp unknowingly pulled in a trojanized dependency. In version 1.0.16, a lone line inserted into the main transport script added unauthorized BCC functionality:
This code snippet hooks into the existing Postmark client workflow, leveraging the addHeader method to duplicate outbound emails.
Because the malicious line is syntactically innocuous and embedded alongside legitimate header setup logic, it escaped notice in code reviews and automated security scans.
Thousands of email messages exchanged between developers and their users were silently forwarded to the attacker’s server.
Although the legitimate Postmark API and official SDKs remain uncompromised, organizations relying on unverified third-party packages may have suffered unauthorized data leakage.
Postmark urges all users to immediately:
- Uninstall “postmark-mcp” from your projects:
- Examine SMTP logs and Postmark track events for suspicious BCC operations or unexpected API calls.
- Change any credentials or tokens transmitted during the compromise window to prevent further unauthorized access.
Postmark reaffirms that it has never published a “postmark-mcp” library on npm. The official packages and SDKs are listed in the Postmark documentation and GitHub repository.
Users can verify package authenticity by checking the postmark and postmark.js libraries maintained at github.com/ActiveCampaign/postmark and consulting the API docs at Postmark’s developer portal.
This incident highlights the critical importance of vetting third-party dependencies. Integrating only officially documented libraries ensures that your email infrastructure remains secure.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
