Supply ChainHigh

First malicious MCP server in the wild (postmark-mcp backdoor)

September 2025  ·  Counterfeit npm MCP package

What happened

A counterfeit "postmark-mcp" npm package added a hidden backdoor that BCC'd every outbound email to an attacker address. It is regarded as the first confirmed malicious MCP server used in a live attack, with roughly 1,500 weekly installs leaking email daily.

Root cause

Developers installed an untrusted MCP server that ran with full email-sending privileges; a single line of code silently exfiltrated all sent mail.

Fix / outcome

Postmark published an alert and the maintainer deleted the package. Users were advised to uninstall, rotate credentials, and audit logs.

Sources

The Hacker News

Learn this attack class

This incident is an example of Supply Chain. Read the guide, then try it hands-on in the Academy.

Read the guide →

← Back to the Incident Database