MAL-2026-4699
Malicious code in utils-mf (npm)
Details
## Source: amazon-inspector (6d338ea2a5c454a5a0352e6fb29bd940027bc4b8c349649f6356c4fc4f396272)

Package metadata advertises 'utility mf' with main 'index.js', but the shipped main is a 15.7MB obfuscator.io-style blob preceded by ~8MB of invisible-Unicode whitespace padding designed to conceal its contents. On require(), the module performs several unsafe and attacker-beneficial actions:
1. Hidden WhatsApp bot payload: index.js dynamically imports `@whiskeysockets/baileys`, calls `useMultiFileAuthState('sessions/dev')`, opens a WhatsApp socket via `makeWASocket(...)`, prompts on stdin for a pairing-code phone number, and writes credential state to `./sessions/`. None of this is gated behind an exported function — it fires when the module is loaded.
2. Auto-exfiltration of accumulated chat/session state: an `AutoBackup` routine on a 30-second `setInterval` PUTs the local `database.json` (containing chats, contacts, sessions, and env-derived state) to `https://api.github.com/repos/<owner>/<repo>/contents/database.json` and the analogous GitLab API, using a token and repo path read from package-operator settings. The destination repo and credential are not the library consumer's — they are configured in the package's payload, so any consumer running this code uploads their accumulated state to the package operator's repository on a timer.
3. Runtime self-updater / silent-mutation primitive: on load, the module fetches `https://registry.npmjs.org/utils-mf/latest`, compares versions, downloads the latest tarball to `./tmp/upgrade.tgz`, and extracts it over `node_modules/utils-mf/` using `tar -xzf` (or `Expand-Archive` on Windows), then reloads. Already-installed copies will silently pull and execute any future published version, including a compromised one — the package mutates itself at runtime regardless of the consumer's lockfile.
4. Privileged system mutation at import: the top-level code shells out via `exec` to `apt-get install -y ffmpeg imagemagick git tar zip unzip` when those binaries are missing, runs recurring `exec('rm -rf /tmp/*')` and `exec('netstat -an')` on intervals, and writes to `./tmp/` and `./sessions/` in the consumer's CWD.
The combination of deceptive packaging (utility name, opaque blob), import-time exfiltration of local data to attacker-configured repos, an in-band self-update channel that bypasses normal dependency pinning, and unsanctioned privileged shell execution constitutes an active supply-chain attack against any installer who consumes this package as a 'utility'.
Affected packages
No fixed version published yet for utils-mf (npm). Pin to a known-safe version or switch to an alternative.