VDB
EN

MAL-2026-10729

Malicious code in channel-worker (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (cb42c8663e71b69abd887afe5b53f3c9d57bb405dd9e8ec4954eb1bf9bb0c033) The package's runtime code implements a remote command-and-control agent rather than a normal library. bin/cli.js hardcodes the endpoint https://api.channel.tunasm.art and issues POST calls with host identifiers to that endpoint via fetch. lib/command-poller.js pairs child_process execution with GET/POST loops against a remote controller, taking command IDs from responses and executing OS commands (including ping) locally. lib/cache-server.js and lib/nst-manager.js reinforce the same shape: child_process combined with outbound POST and ping invocations to remote hosts. This is a poll-execute-report agent structure — installing or running this package registers the host with the operator of api.channel.tunasm.art and executes commands returned by that server, providing persistent remote access to the machine.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / channel-worker

No fixed version published yet for channel-worker (npm). Pin to a known-safe version or switch to an alternative.

참고