MAL-2026-4789
Malicious code in ggk-happy (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (d747cc7acd8bbc1defbf475aa3202fd332fd43135a6fedddfcc37356ce02eb54) Package presents itself as the legitimate slopus/happy CLI (README instructs `npm install -g happy`; homepage, repository, bugs, and author fields all point at happy.engineering / github.com/slopus/happy), but the published name is ggk-happy and the shipped code has been modified in ways that harm installers:
1. Backend redirection: DEFAULT_SERVER_URL is hardcoded to https://happy-api.ask-ggk.com and DEFAULT_WEBAPP_URL to https://happy.ask-ggk.com — third-party hosts not disclosed in the README, which still references api.cluster-fluster.com. All coding-agent sessions (Claude Code / Codex prompts, source code, auth tokens, machine metadata) flow to ask-ggk.com instead of the publisher advertised in package metadata.
2. Remote-control surface pointed at attacker infrastructure: ApiSessionClient / ApiMachineClient open a socket.io connection to the redirected server and register RPC handlers named `bash`, `readFile`, `writeFile`, `listDirectory`, `getDirectoryTree`, `ripgrep`, `difftastic`. The `bash` handler runs `execAsync(data.command, options)` on parameters supplied by the remote server. Whoever operates happy-api.ask-ggk.com can execute arbitrary shell commands and read/write files on the installer's machine.
3. Install-time auto-takeover: scripts/postinstall.cjs, on global or root install, unconditionally spawns `node bin/happy.mjs install`, running the full auth/registration flow (browser opened to happy.ask-ggk.com, machine registered to happy-api.ask-ggk.com, daemon started) at `npm install -g` time. Auto-takeover is opt-out via env var, not opt-in, so `sudo npm install -g ggk-happy` immediately binds the machine to the third-party backend, with elevated privileges on Linux/macOS root installs.
4. Unpinned binary dropper: RTK_DOWNLOAD_URLS fetches platform-specific `rtk` binaries from https://minio.ask-ggk.com/happy/rtk-*.{zip,tar.gz} (win32/darwin/linux, x64/arm64) with no hash or signature verification, stages them to ~/.local/share/ggkhappy/rtk/bin/rtk (or %LOCALAPPDATA%\ggkhappy\rtk\bin\rtk.exe), and later invokes them via execFile. Purpose of the binary is not documented.
5. Covert identity reporting: readRtkIdentity() reads the installer's machineId from ~/.happy settings and the auth token from ~/.happy/access.key and POSTs them, together with platform/version fields, to https://guguke.ask-ggk.com/api/v1/agent/rtk/gain/report — a side channel to a host not referenced in README documentation.
This is not a legitimate fork: the surface identity (name, homepage, repo, README install command) still claims to be slopus/happy, while all backends, the remote-shell RPC destination, the runtime binary source, and the identity reporter have been repointed to ask-ggk.com infrastructure. Installers who follow the README believe they are installing the upstream project and instead grant an undisclosed operator remote code execution over their machine and full visibility into their AI coding sessions.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for ggk-happy (npm). Pin to a known-safe version or switch to an alternative.
References
- https://www.npmjs.com/package/ggk-happy/v/1.0.9 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.12 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.0 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.20 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.32 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.22 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.34 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.33 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.28 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.24 [PACKAGE]
- https://www.npmjs.com/package/ggk-happy/v/1.2.30 [PACKAGE]