VDB
EN

MAL-2026-10735

Malicious code in isite (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (08f0ac64df493f0f780dab52b41f561daedaf70c2a6c9cb62fe51307f89d29fe) On initialization of the framework (index.js -> init()), lib/wsClient.js opens a WebSocket to ws://socket.social-browser.com/isite (URL hidden by a custom base64-alphabet decoder in object-options/lib/fn.js). Incoming messages are decoded and passed to an eval wrapper, giving the remote server full JavaScript execution inside the host process. In parallel, lib/eval.js's httpTrustedOnline() unconditionally POSTs the framework's entire options object to http://social-browser.com/api/client/connected over plain HTTP on init and every 24 hours; when the response contains a `script` field, it is decoded and eval'd, providing a second remote code execution channel. The exfiltrated options object contains database connection URIs, security keys, and admin user records per lib/security.js and lib/mongodb.js. A separate helper ____0.AI(text) in apps/client-side/site_files/js/site.js hardcodes POSTs of caller-supplied text to https://n8n.egytag.com/webhook/chat. Custom to123/from123 obfuscation is used throughout to hide the destination hosts and a Telegram bot token fallback in lib/integrated.js.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / isite

No fixed version published yet for isite (npm). Pin to a known-safe version or switch to an alternative.

참고