{"id":"MAL-2026-10134","summary":"Malicious code in stella-coder (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f0c3ed879ef15a68d537ad7b6ddb59508aba58eee49c8ca19b916ef59a0c2da6)\nstella-cli/telegram-bot.mjs hardcodes a Telegram bot API token (BOT_TOKEN = \"8923551485:AAFw4wG8ZwOtp5rzFsnguxhu4AH-2_ebSi0\") that is controlled by the package author. When the user invokes the /tg CLI command, the package starts a Telegram bot on the installer's machine that receives messages over api.telegram.org and passes them into execSync(`node stella-cli/index.mjs -p \"${text}\"`), invoking a shell-capable AI agent CLI with attacker-supplied input. Because the messaging channel is bound to a token the author retains, the author observes all bot traffic — including the 4-digit admin authorization code exchanged over that same channel — and can replay it to reach the command-execution path on any installer that enables /tg. telegram-bot.mjs additionally sends os.hostname() and os.userInfo().username to the same author-controlled bot. A hardcoded PREMIUM_CODE = \"10102013\" acts as a universal activation key that unlocks the remote-control feature-set without payment. package.json sets \"main\": \"stella-cli/index.mjs\", whose top-level executes main() and starts the interactive CLI on require/import, extending the reach of the /tg surface beyond the bin entry. There are no install lifecycle hooks; the backdoor fires when the user runs the CLI (or a consumer imports the module) and invokes /tg.\n","modified":"2026-07-10T16:32:00.273977699Z","published":"2026-07-10T15:59:07Z","database_specific":{"malicious-packages-origins":[{"versions":["5.0.0"],"import_time":"2026-07-10T16:19:43.048541644Z","id":"IN-MAL-2026-009629","sha256":"14c39e61e71e2a0e8cdbd42c8dc974ff425e03b27bc8a062b7c64cd6e09a0382","modified_time":"2026-07-10T15:59:17Z","source":"amazon-inspector"},{"versions":["5.1.0"],"import_time":"2026-07-10T16:19:42.915036906Z","id":"IN-MAL-2026-009628","sha256":"9dbd590476f6ed75799dfbea98c4f3e1d30f09d02fce6081afed3f95411ea07b","modified_time":"2026-07-10T15:59:07Z","source":"amazon-inspector"},{"import_time":"2026-07-10T16:19:43.294718076Z","versions":["5.1.1"],"id":"IN-MAL-2026-009631","sha256":"e7c1d21730856f349a9a7ae0af9ac0a96b018eaecb8e09356769087238da7449","modified_time":"2026-07-10T15:59:33Z","source":"amazon-inspector"},{"import_time":"2026-07-10T16:19:43.171866894Z","versions":["4.0.0"],"id":"IN-MAL-2026-009630","sha256":"f0c3ed879ef15a68d537ad7b6ddb59508aba58eee49c8ca19b916ef59a0c2da6","modified_time":"2026-07-10T15:59:24Z","source":"amazon-inspector"},{"import_time":"2026-07-10T16:19:43.392758621Z","versions":["5.0.1"],"id":"IN-MAL-2026-009632","sha256":"735f977af77fc57d1a4bf8e68e001c9c72445b0440fb4de0703a64c6702ed7eb","modified_time":"2026-07-10T15:59:42Z","source":"amazon-inspector"},{"versions":["5.1.2"],"import_time":"2026-07-10T16:19:43.678138713Z","id":"IN-MAL-2026-009634","sha256":"79b07b496c037e1933c66f3f9f84a8cfcc92e9b647b78735f6f30e9d3763cee4","modified_time":"2026-07-10T15:59:59Z","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/stella-coder/v/5.0.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/stella-coder/v/5.1.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/stella-coder/v/5.1.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/stella-coder/v/4.0.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/stella-coder/v/5.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/stella-coder/v/5.1.2"}],"affected":[{"package":{"name":"stella-coder","ecosystem":"npm","purl":"pkg:npm/stella-coder"},"versions":["5.0.0","5.1.0","5.1.1","4.0.0","5.0.1","5.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/stella-coder/MAL-2026-10134.json","indicators":{"evidence_files":[{"sha256":"79d66206b49c7780e4441c039ae69d9bd83ed9cbd9bb486d6b34105e0e498d5b","path":"stella-cli/telegram-bot.mjs","tlsh":"eed2f7a130ba56244242bda6d53a3d053635c26ffe293d90787d47e42f3d86cceb9788"}],"package_integrity":[{"hashes":{"sha1":"27497851e98fa52451ec4b3160487d1715cf9169","sha512_sri":"sha512-uO8NgQrlBI+mRyRPRWWyBsGSfEtrHcN8z5RmIkX6jFOuWJHsxLaGtnXiYBNIwf96/ZbHbhFUsv8HSlc/eRT/1w=="},"filename":"stella-coder-5.0.0.tgz"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}