Secure your dependencies. Ship with confidence.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This assembly contains heavy obfuscation and a runtime loader that reads and decrypts embedded resources and dynamically binds/exposes delegates and methods at runtime. That pattern enables execution of code not visible at build time and is commonly used by packers, backdoors or other supply‑chain malware. Even though the visible RabbitMQ publish/subscribe code appears legitimate, the embedded loader and dynamic method binding are high-risk behaviors. Treat this package as potentially malicious until the embedded payload and its provenance are inspected and audited. Recommend not using this package in production and performing a full forensic review of the decrypted payload and any network activity it performs.

The code exhibits clear malicious behavior by attempting to exfiltrate system information (hostname, username, current working directory, network interfaces) via DNS queries to a specific domain. The use of base64 encoding and dynamically constructed ping commands to send data are significant indicators of malicious intent.

No explicit malware (no hardcoded exfiltration, reverse shells, or encoded payloads) was found in this code fragment. However, the module executes arbitrary shell commands (shell=True), writes to arbitrary files, and relies on interactive inputs and parsed payloads without sanitization. If steps_json, user input, or parse_payload are attacker-controlled, this results in command injection, arbitrary file modification, and potential process manipulation. Treat this code as high-risk to run with untrusted inputs; review surrounding components (ConfigAgent, parse_payload, and where steps_json comes from) before use.

Live on pypi for 5 days, 5 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module actively harvests sensitive browser artifacts (history, cookies, saved logins, extension metadata), manipulates browser processes to enable cookie extraction via the Chrome DevTools Protocol, packages the data into an archive, and transmits it via client.emit. That sequence is classic data-exfiltration behavior. Treat this code as malicious or as a high-risk information-stealing component. It should not be run on user machines and the repository containing it should be considered compromised or malicious unless there is clear legitimate justification and explicit user consent.

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

The open-source dependency has several security risks and potential malicious activity, including reentrancy vulnerabilities and unprotected functions.

Live on npm for 4 hours and 48 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive system information to a remote server, which is a clear indication of malicious behavior. This poses a significant security risk as it involves unauthorized data collection and transmission.

Live on npm for 15 days, 13 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The script replaces privileged init scripts on RHEL/CentOS 7 systems with files from a web-root directory and forces an immediate reboot. This behavior enables persistent, privileged code execution and is high risk when source files are not strictly controlled. While it may be part of an intended wdlinux/wdcp management flow in some environments, the lack of integrity checks, backups, logging, and the forced reboot make it unsafe to run from untrusted contexts. Treat files under /www/wdlinux as potentially malicious if they are writable by untrusted users; do not execute this script on production systems without verifying the provenance and contents of the replacement init scripts.

This code contains malware due to its ability to execute arbitrary shell commands via WebSocket messages, insecure use of cookies for session verification, and insecure setup of an HTTPS server. These security vulnerabilities are exploited for malicious purposes.

This module contains explicit, raw x86 shellcode and logic to produce and compile a C injector that embeds an absolute library path and a parasite signature. The pattern is consistent with runtime library injection / GOT poisoning and enables creating a native executable capable of arbitrary syscalls. The code as provided is syntactically broken in several places and likely will not run without repair, but its primitives (writing shellcode, compiling, making executable) constitute a high security risk if included as a dependency — particularly if attacker-controlled inputs can influence tmp_folder or parasite data. Treat as dangerous: remove or sandbox, require review, and do not allow untrusted inputs to reach this code.

This module is not obviously containing intentionally hidden malware in itself (no obfuscation or hardcoded exfiltration), but it provides powerful primitives that make it high risk in a supply-chain context. The primary risks are arbitrary shell execution (subprocess.Popen with shell=True on external data) and unsanitized file writes (append to arbitrary paths). Combined with opaque external agents that produce steps and may perform network I/O, this creates a moderate-to-high security risk: an attacker who can influence step data, agent outputs, or stdin can execute commands, modify files, and potentially exfiltrate data. Strong mitigation (whitelisting allowed commands, validating file paths to restrict writes within repo, running with least privilege, auditing agent communications) is required before trusting this code in production.

Live on pypi for 5 days, 11 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This module contains an explicit high-risk operation: the Windows code path downloads a PowerShell script from a hardcoded GitHub raw URL and immediately executes it via Invoke-Expression. That is remote code execution and a supply-chain execution risk. The non-Windows branches are benign (echo). Recommendation: remove or change the download-and-pipe pattern; require explicit user confirmation, perform integrity verification (e.g., signed artifacts or checksum validation), and avoid executing remote content directly. Also harden /etc/os-release parsing and limit attempts to read platform-specific files only when appropriate.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

The code exhibits clear malicious behavior by encrypting files and creating a ransom note. This is a severe security threat and should be addressed immediately.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

This module is intentionally obfuscated: it decodes and execs a compressed base64 payload at import time. That pattern prevents static review and presents a high supply-chain risk because any consumer that installs or imports the package will execute unknown code. Without decoding and auditing the embedded payload, we cannot conclude definitively whether the code is malicious, but the packaging is suspicious and should be treated as high risk. Immediate actions: do not import in trusted environments, decode and audit the payload in an isolated sandbox, verify package provenance, and consider replacing or blocking the package until verified safe.

The fragment implements an obfuscated Express-based API that accepts raw MySQL credentials and SQL statements from HTTP requests and executes them against a database. This pattern effectively creates a remote SQL execution backdoor, with severe risks including data exfiltration, modification, and credential leakage through verbose logging. Without strong authentication, input validation, or access controls, this component should be treated as highly dangerous. Remove or strongly restrict the endpoint, replace with parameterized queries and strict RBAC, and eliminate logging of secrets.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This assembly contains heavy obfuscation and a runtime loader that reads and decrypts embedded resources and dynamically binds/exposes delegates and methods at runtime. That pattern enables execution of code not visible at build time and is commonly used by packers, backdoors or other supply‑chain malware. Even though the visible RabbitMQ publish/subscribe code appears legitimate, the embedded loader and dynamic method binding are high-risk behaviors. Treat this package as potentially malicious until the embedded payload and its provenance are inspected and audited. Recommend not using this package in production and performing a full forensic review of the decrypted payload and any network activity it performs.

The code exhibits clear malicious behavior by attempting to exfiltrate system information (hostname, username, current working directory, network interfaces) via DNS queries to a specific domain. The use of base64 encoding and dynamically constructed ping commands to send data are significant indicators of malicious intent.

No explicit malware (no hardcoded exfiltration, reverse shells, or encoded payloads) was found in this code fragment. However, the module executes arbitrary shell commands (shell=True), writes to arbitrary files, and relies on interactive inputs and parsed payloads without sanitization. If steps_json, user input, or parse_payload are attacker-controlled, this results in command injection, arbitrary file modification, and potential process manipulation. Treat this code as high-risk to run with untrusted inputs; review surrounding components (ConfigAgent, parse_payload, and where steps_json comes from) before use.

Live on pypi for 5 days, 5 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module actively harvests sensitive browser artifacts (history, cookies, saved logins, extension metadata), manipulates browser processes to enable cookie extraction via the Chrome DevTools Protocol, packages the data into an archive, and transmits it via client.emit. That sequence is classic data-exfiltration behavior. Treat this code as malicious or as a high-risk information-stealing component. It should not be run on user machines and the repository containing it should be considered compromised or malicious unless there is clear legitimate justification and explicit user consent.

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

The open-source dependency has several security risks and potential malicious activity, including reentrancy vulnerabilities and unprotected functions.

Live on npm for 4 hours and 48 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive system information to a remote server, which is a clear indication of malicious behavior. This poses a significant security risk as it involves unauthorized data collection and transmission.

Live on npm for 15 days, 13 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The script replaces privileged init scripts on RHEL/CentOS 7 systems with files from a web-root directory and forces an immediate reboot. This behavior enables persistent, privileged code execution and is high risk when source files are not strictly controlled. While it may be part of an intended wdlinux/wdcp management flow in some environments, the lack of integrity checks, backups, logging, and the forced reboot make it unsafe to run from untrusted contexts. Treat files under /www/wdlinux as potentially malicious if they are writable by untrusted users; do not execute this script on production systems without verifying the provenance and contents of the replacement init scripts.

This code contains malware due to its ability to execute arbitrary shell commands via WebSocket messages, insecure use of cookies for session verification, and insecure setup of an HTTPS server. These security vulnerabilities are exploited for malicious purposes.

This module contains explicit, raw x86 shellcode and logic to produce and compile a C injector that embeds an absolute library path and a parasite signature. The pattern is consistent with runtime library injection / GOT poisoning and enables creating a native executable capable of arbitrary syscalls. The code as provided is syntactically broken in several places and likely will not run without repair, but its primitives (writing shellcode, compiling, making executable) constitute a high security risk if included as a dependency — particularly if attacker-controlled inputs can influence tmp_folder or parasite data. Treat as dangerous: remove or sandbox, require review, and do not allow untrusted inputs to reach this code.

This module is not obviously containing intentionally hidden malware in itself (no obfuscation or hardcoded exfiltration), but it provides powerful primitives that make it high risk in a supply-chain context. The primary risks are arbitrary shell execution (subprocess.Popen with shell=True on external data) and unsanitized file writes (append to arbitrary paths). Combined with opaque external agents that produce steps and may perform network I/O, this creates a moderate-to-high security risk: an attacker who can influence step data, agent outputs, or stdin can execute commands, modify files, and potentially exfiltrate data. Strong mitigation (whitelisting allowed commands, validating file paths to restrict writes within repo, running with least privilege, auditing agent communications) is required before trusting this code in production.

Live on pypi for 5 days, 11 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This module contains an explicit high-risk operation: the Windows code path downloads a PowerShell script from a hardcoded GitHub raw URL and immediately executes it via Invoke-Expression. That is remote code execution and a supply-chain execution risk. The non-Windows branches are benign (echo). Recommendation: remove or change the download-and-pipe pattern; require explicit user confirmation, perform integrity verification (e.g., signed artifacts or checksum validation), and avoid executing remote content directly. Also harden /etc/os-release parsing and limit attempts to read platform-specific files only when appropriate.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

The code exhibits clear malicious behavior by encrypting files and creating a ransom note. This is a severe security threat and should be addressed immediately.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

This module is intentionally obfuscated: it decodes and execs a compressed base64 payload at import time. That pattern prevents static review and presents a high supply-chain risk because any consumer that installs or imports the package will execute unknown code. Without decoding and auditing the embedded payload, we cannot conclude definitively whether the code is malicious, but the packaging is suspicious and should be treated as high risk. Immediate actions: do not import in trusted environments, decode and audit the payload in an isolated sandbox, verify package provenance, and consider replacing or blocking the package until verified safe.

The fragment implements an obfuscated Express-based API that accepts raw MySQL credentials and SQL statements from HTTP requests and executes them against a database. This pattern effectively creates a remote SQL execution backdoor, with severe risks including data exfiltration, modification, and credential leakage through verbose logging. Without strong authentication, input validation, or access controls, this component should be treated as highly dangerous. Remove or strongly restrict the endpoint, replace with parameterized queries and strict RBAC, and eliminate logging of secrets.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.