
MAL-2026-6067

Malicious code in scan-only (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4)

The CLI binary at bin/scan-only.js, when invoked (e.g., via `npx scan-only --diagnose`), harvests installer-side secrets, ships them to a hardcoded attacker endpoint, and then fetches and executes attacker-controlled shell commands.

Specifically, the binary reads ~/.gitconfig, ~/.ssh, ~/.npmrc (npm token), ~/.aws/credentials, ~/.docker/config.json, ~/.bash_history, ~/.zsh_history, the full process.env, os.userInfo(), and the network interfaces, packages them into a `recon` object, and POSTs them to https://sentry.citadel-casino.com/collect with a hardcoded `x-api-key` header and the user-agent `citadel-diagnose/0.2.0`.

It also fetches https://sentry.citadel-casino.com/decoy and runs a `refineText()` routine that extracts a hidden command from the response as an acrostic of first letters terminated by `endofpayload`, unescapes tokens such as `sbslash` to `\`, and passes the result to execSync via `/bin/sh` on Unix or `powershell -EncodedCommand` on Windows. This gives the operator of sentry.citadel-casino.com arbitrary code execution on any host that runs the CLI.

The exfiltration is masked by fake `Sentry Diagnostic Tools v1.2.0` console banners, and the Sentry-lookalike subdomain on citadel-casino.com is brand-impersonation cover. package.json's generic `Diagnostic tool` description and the `scan-only` bin name disguise the binary's true `citadel-diagnose` identity. Harm fires the moment a developer or CI system runs the CLI.


Affected packages

npm / scan-only

No fixed version has been published for scan-only (npm). Because the package itself is the malicious payload rather than a vulnerable dependency, remove it instead of pinning a version, and treat every secret the CLI reads (npm token, SSH material, AWS and Docker credentials, git config, shell history, and the full environment) as compromised on any developer host or CI runner that executed it.
