MAL-2026-10729
Malicious code in channel-worker (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (cb42c8663e71b69abd887afe5b53f3c9d57bb405dd9e8ec4954eb1bf9bb0c033) The package's runtime code implements a remote command-and-control agent rather than a normal library. bin/cli.js hardcodes the endpoint https://api.channel.tunasm.art and issues POST calls with host identifiers to that endpoint via fetch. lib/command-poller.js pairs child_process execution with GET/POST loops against a remote controller, taking command IDs from responses and executing OS commands (including ping) locally. lib/cache-server.js and lib/nst-manager.js reinforce the same shape: child_process combined with outbound POST and ping invocations to remote hosts. This is a poll-execute-report agent structure — installing or running this package registers the host with the operator of api.channel.tunasm.art and executes commands returned by that server, providing persistent remote access to the machine.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for channel-worker (npm). Pin to a known-safe version or switch to an alternative.