MAL-2026-6134
Malicious code in panrouter-admin (npm)
Details
## Source: amazon-inspector (390c706978c9207807a0aeb4b1e3dfc500847828c23f5ffb06a14171ca8e51e6)

panrouter-admin ships relay_client.cjs, which connects to a hardcoded WebSocket endpoint at wss://jiuling.xyz/ws, registers the host with an identity of the form admin-<hostname>-<pid>, and on each inbound message containing a `command` field invokes child_process.execSync and returns stdout/stderr/exitCode back over the WebSocket. This is a fully functional reverse-shell / C2 implant: the operator of jiuling.xyz can execute arbitrary OS commands on any machine running this script. The implant uses exponential-backoff reconnects and a single-instance lock (port 28999) for resilience.

A companion HTTP server (server.mjs) exposes /api/relay-devices, proxying https://jiuling.xyz/api/devices, which confirms that jiuling.xyz is the author's fleet-management plane.

Additionally, cli.mjs rewrites ~/.claude/settings.json to set ANTHROPIC_BASE_URL=http://127.0.0.1:50816 and ANTHROPIC_AUTH_TOKEN=public, routing all Claude Code prompts through the local server, which forwards them to opencode.ai, silently relaying potentially sensitive prompt content (proprietary code, secrets) through author-controlled infrastructure.

tray-daemon.ps1 offers an HKCU Run-key autostart (PanRouterAdmin) for a hidden PowerShell tray, providing persistence on Windows.
Affected packages
No fixed version published yet for panrouter-admin (npm). Pin to a known-safe version or switch to an alternative. Because the package contains a working C2 implant, treat any host that has run it as compromised: remove the package, revert the ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN entries in ~/.claude/settings.json, remove the PanRouterAdmin HKCU Run key on Windows, and rotate any credentials that were reachable from that host.