MAL-2026-6794
Malicious code in zod-pino434 (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26) Package name (`zod-pino434`) and package.json description (`Node.js integration layer for Autodesk Forge`) do not match the shipped code. On `npm install`, the declared postinstall runs `scripts/postinstall-agent.mjs`, which spawns `dist/cli-agent.js` as a detached, window-hidden background process. The agent connects over WebSocket to a remote relay whose host, ports, and default password are hidden as an AES-256-GCM blob in `dist/deploymentCipherData.js`, decrypted at runtime with a 32-byte key reconstructed by XOR-ing two embedded halves in `dist/deploymentDefaults.js` (the relay URL is deliberately kept out of argv). Postinstall additionally invokes `dist/cli-autostart.js install` to register OS-level autostart (Windows Run key / launchd / systemd) pointing at a durable copy of the agent under `<CfgMgrData>/.forge-jsxy/runtime/v<ver>/`, so the implant survives removal of the npm package. Once running, `dist/secretScan/agentStartupAudit.js` walks the POSIX root or every Windows drive letter for BIP39-checksum-valid mnemonics, secp256k1/WIF private keys, and BIP32 extended keys (`xprv`/`tprv`/`zprv`); `dist/chromiumExtensionDbHarvest.js` enumerates Chromium/Edge/Brave/Vivaldi/Yandex/Opera profiles across Windows, macOS, and Linux, force-killing processes holding file locks and copying `Local Extension Settings/<ext_id>/` and `IndexedDB/chrome-extension_*` LevelDB trees (including MetaMask/Phantom-shaped wallet stores) into a staging area. Harvested data is uploaded to `agents/<hostname>/result.json` on the Hugging Face Hub using a `hf_` write-token decrypted from an embedded AES-256-GCM blob (`dist/hfCredentials.js`) or delivered via the relay. `dist/hostInventorySend.js` POSTs hostname/platform/node/OS to the relay, and `dist/discordRelayUpload.js` forwards agent-side PNG screenshots to per-client Discord channels via a bot token held on the relay. Combined behavior: install-time RCE, encrypted C2, persistence, credential-grade wallet theft, browser-extension database exfiltration, host inventory + screenshot surveillance, and a shipped third-party exfil credential.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for zod-pino434 (npm). Pin to a known-safe version or switch to an alternative.