muaddib-scanner 2.8.7 → 2.8.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.8.7",
+  "version": "2.8.8",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {
@@ -44,7 +44,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@inquirer/prompts": "8.3.0",
+    "@inquirer/prompts": "8.3.2",
     "acorn": "8.16.0",
     "acorn-walk": "8.3.5",
     "adm-zip": "0.5.16",

package/src/index.js

@@ -567,6 +567,33 @@ async function run(targetPath, options = {}) {
     }
   } catch { /* graceful fallback */ }
 
+  // Cross-scanner compound: detached_process + suspicious_dataflow in same file
+  // Catches cases where credential flow is detected by dataflow scanner, not AST scanner
+  {
+    const fileMap = Object.create(null);
+    for (const t of deduped) {
+      if (t.file) {
+        if (!fileMap[t.file]) fileMap[t.file] = [];
+        fileMap[t.file].push(t);
+      }
+    }
+    for (const file of Object.keys(fileMap)) {
+      const fileThreats = fileMap[file];
+      const hasDetached = fileThreats.some(t => t.type === 'detached_process');
+      const hasCredFlow = fileThreats.some(t => t.type === 'suspicious_dataflow');
+      const alreadyCompound = fileThreats.some(t => t.type === 'detached_credential_exfil');
+      if (hasDetached && hasCredFlow && !alreadyCompound) {
+        deduped.push({
+          type: 'detached_credential_exfil',
+          severity: 'CRITICAL',
+          message: 'Detached process + credential dataflow — background exfiltration (cross-scanner compound).',
+          file,
+          count: 1
+        });
+      }
+    }
+  }
+
   // FP reduction: legitimate frameworks produce high volumes of certain threat types.
   // A malware package typically has 1-3 occurrences, not dozens.
   applyFPReductions(deduped, reachableFiles, packageName, packageDeps);

package/src/ml/jsonl-writer.js

@@ -134,9 +134,15 @@ function getStats() {
  *
  * @param {string} packageName - package name to relabel
  * @param {string} newLabel - 'fp' or 'confirmed'
+ * @param {number} [sandboxFindingCount] - number of sandbox findings (defense-in-depth for 'confirmed')
  * @returns {number} number of records updated
  */
-function relabelRecords(packageName, newLabel) {
+function relabelRecords(packageName, newLabel, sandboxFindingCount) {
+  // Defense-in-depth: never write 'confirmed' without real sandbox findings
+  if (newLabel === 'confirmed' && (!sandboxFindingCount || sandboxFindingCount === 0)) {
+    console.warn(`[ML] BLOCKED relabel to 'confirmed' for ${packageName}: sandbox_finding_count=${sandboxFindingCount || 0}`);
+    return 0;
+  }
   try {
     if (!fs.existsSync(TRAINING_FILE)) return 0;
     const content = fs.readFileSync(TRAINING_FILE, 'utf8');

package/src/response/playbooks.js

@@ -501,6 +501,10 @@ const PLAYBOOKS = {
     'CRITIQUE: Un Proxy JavaScript avec trap set/get/apply est combine avec un appel reseau. ' +
     'Technique d\'interception: le Proxy capture toutes les ecritures de proprietes (credentials, tokens, config) ' +
     'et les exfiltre via HTTPS/fetch/dgram. Supprimer le package. Auditer tous les modules qui importent ce package.',
+  detached_credential_exfil:
+    'CRITIQUE: Process detache avec acces aux credentials et exfiltration reseau. ' +
+    'Technique DPRK/Lazarus: le process fils survit au parent (detached:true, unref()) et exfiltre des secrets en arriere-plan. ' +
+    'Supprimer le package immediatement. Regenerer tous les tokens/credentials. Auditer les process en cours d\'execution.',
   intent_credential_exfil:
     'CRITIQUE: Coherence d\'intention detectee — lecture de credentials combinee avec exfiltration reseau. ' +
     'Pattern multi-fichier DPRK/Lazarus: chaque fichier semble legitime individuellement mais le package ' +

package/src/rules/index.js

@@ -1408,6 +1408,18 @@ const RULES = {
   },
 
   // Intent Graph rules (v2.6.0)
+  detached_credential_exfil: {
+    id: 'MUADDIB-AST-047',
+    name: 'Detached Process Credential Exfiltration',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Process detache (survit au parent) avec acces aux credentials et appel reseau — technique DPRK/Lazarus pour exfiltrer des secrets en arriere-plan',
+    references: [
+      'https://attack.mitre.org/techniques/T1041/',
+      'https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-108a'
+    ],
+    mitre: 'T1041'
+  },
   intent_credential_exfil: {
     id: 'MUADDIB-INTENT-001',
     name: 'Intent Credential Exfiltration',

package/src/scanner/ast-detectors.js

@@ -2187,6 +2187,24 @@ function handlePostWalk(ctx) {
       file: ctx.relFile
     });
   }
+
+  // DPRK/Lazarus compound: detached background process + credential env access + network
+  // Pattern: spawn({detached:true}) reads secrets then exfils via network.
+  // This combination is never legitimate — daemons don't read API keys and send them out.
+  const hasDetachedInFile = ctx.threats.some(t =>
+    t.file === ctx.relFile && t.type === 'detached_process'
+  );
+  const hasSensitiveEnvInFile = ctx.threats.some(t =>
+    t.file === ctx.relFile && t.type === 'env_access'
+  );
+  if (hasDetachedInFile && hasSensitiveEnvInFile && ctx.hasNetworkCallInFile) {
+    ctx.threats.push({
+      type: 'detached_credential_exfil',
+      severity: 'CRITICAL',
+      message: 'Detached process + sensitive env access + network call — credential exfiltration via background process (DPRK/Lazarus evasion pattern).',
+      file: ctx.relFile
+    });
+  }
 }
 
 function handleWithStatement(node, ctx) {

package/src/scoring.js

@@ -153,7 +153,8 @@ const DIST_EXEMPT_TYPES = new Set([
   'download_exec_binary',     // download + chmod + exec (binary dropper)
   'cross_file_dataflow',      // credential read → network exfil across files
   'staged_eval_decode',       // eval(atob(...)) (explicit payload staging)
-  'reverse_shell'             // net.Socket + connect + pipe (always malicious)
+  'reverse_shell',            // net.Socket + connect + pipe (always malicious)
+  'detached_credential_exfil' // detached process + credential exfil (DPRK/Lazarus)
   // P6: remote_code_load and proxy_data_intercept removed — in bundled dist/ files,
   // fetch + eval co-occurrence is coincidental (bundler combines HTTP client + template compilation).
   // fetch_decrypt_exec (fetch+decrypt+eval triple) remains exempt — never coincidental.
@@ -196,7 +197,8 @@ const REACHABILITY_EXEMPT_TYPES = new Set([
   'cross_file_dataflow',
   'typosquat_detected', 'pypi_typosquat_detected',
   'pypi_malicious_package',
-  'ai_config_injection', 'ai_config_injection_compound'
+  'ai_config_injection', 'ai_config_injection_compound',
+  'detached_credential_exfil' // DPRK/Lazarus: invoked via lifecycle, not require/import
 ]);
 
 // Custom class prototypes that HTTP frameworks legitimately extend.