MAL-2026-10501
Malicious code in filewisee (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (758d74e75086465a01c3837210bf5bafe22d86e6f087be963e39ccd62ed0b034) The package presents itself as a date-formatting utility and re-exports plausible date APIs (format, formatISO, formatDate, formatTime) from dist/index.js, but also exports formatd from dist/file.js. When formatd is invoked, it fetches an opaque binary from the anonymous file host pixeldrain.com (https://pixeldrain.com/u/byLkaSJR), writes the bytes to ~/.drc/dr, chmods the file 0o755, and spawns it with caller-supplied args using stdio:'ignore' and windowsHide:true so the child process is hidden. There is no hash or signature verification on the downloaded binary, the host is anonymous and unrelated to the publisher, the download target is unrelated to date formatting, and the binary is staged in a hidden dot-directory under the user's home. The cover-story API surface (formatd named to blend with format/formatDate/formatTime) increases the chance consumers invoke the dropper believing it is a date helper.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for filewisee (npm). Pin to a known-safe version or switch to an alternative.