{"id":"MAL-2026-3747","summary":"Malicious code in @aiscene/aiserver (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc)\nOn load, dist/index.js unconditionally instantiates `new AIServer()` and calls `server.start()` at module top level (no `require.main === module` guard), so simply running `node dist/index.js`, invoking the package's bin, or `require('@aiscene/aiserver')` from another module immediately launches a network-talking server in the consumer's process. That server registers with the hardcoded URL `http://nethp-test.jd.com/rest/execution-nodes/register` (plain HTTP, not configurable in code) and continuously long-polls `http://nethp-test.jd.com/rest/execution-queue/tasks/next`. Tasks returned by that endpoint carry a `naturalLanguage`/`code` field which dist/executor/code-executor.js compiles and runs via `new (async function(){}).constructor(instrumentedCode)` inside a forked worker — i.e. arbitrary JavaScript supplied by the remote control plane is executed in the installer's process. dist/node/service.js additionally POSTs the installer's `os.hostname()`, local non-internal IPv4 addresses from `os.networkInterfaces()`, and connected device info to the same host every ~30 seconds with no opt-in or override. Because the control-plane URL is hardcoded and served over plaintext HTTP, any non-JD installer (and any on-path attacker on the network between the installer and that host) gains unauthenticated remote code execution on the installer's machine. dist/config/index.js and dist/.env also ship a hardcoded `modelservice.jdcloud.com` API key (`pk-485b2b56-...`) used as the default for three model slots; this is author self-harm against the author's own JD Cloud quota and is not the basis for the block.\n","modified":"2026-06-16T18:16:52.649563479Z","published":"2026-05-14T18:32:53Z","database_specific":{"malicious-packages-origins":[{"sha256":"542fdb1c23b52adda0ed5164b65c9768aef7a5edd45473f9cd3ceab3065b1bb3","versions":["1.4.1"],"modified_time":"2026-05-14T19:24:35Z","id":"IN-MAL-2026-002632","source":"amazon-inspector","import_time":"2026-05-15T07:37:15.112435495Z"},{"modified_time":"2026-05-14T18:32:53Z","versions":["1.4.1"],"id":"IN-MAL-2026-002625","sha256":"b8772926757dd2f3d75d503257ff9c1822e742eb6cf07d854bdeaff318df51e1","source":"amazon-inspector","import_time":"2026-05-15T07:37:14.970899998Z"},{"modified_time":"2026-05-21T10:03:03Z","versions":["1.5.8"],"id":"IN-MAL-2026-003798","sha256":"aa631dd2665aebfcea3b06f58fa2d5db32cecb1faad6efd93331e0df131a7314","source":"amazon-inspector","import_time":"2026-05-26T05:51:20.083590314Z"},{"modified_time":"2026-06-12T19:02:13Z","versions":["1.7.0"],"id":"IN-MAL-2026-005802","sha256":"4944087c405a4af48bf2a68e313e739b737d5b614df65dc8df58704743cd1681","source":"amazon-inspector","import_time":"2026-06-12T19:43:35.003724588Z"},{"id":"IN-MAL-2026-006682","versions":["1.7.4"],"sha256":"5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc","modified_time":"2026-06-15T19:45:04Z","source":"amazon-inspector","import_time":"2026-06-15T20:14:27.34661461Z"},{"modified_time":"2026-06-16T02:18:35Z","versions":["1.7.5"],"id":"IN-MAL-2026-006742","sha256":"32fbb466e5e016da6349257f11d47dfa96598d3ddb17c87f27082070e6893b95","source":"amazon-inspector","import_time":"2026-06-16T02:23:12.222475164Z"},{"modified_time":"2026-06-16T17:52:04Z","versions":["1.8.0"],"id":"IN-MAL-2026-006803","sha256":"25f0c30c0383098b139fff0b7a84a3d20c866a8a9935ca990fd45e5bda527862","source":"amazon-inspector","import_time":"2026-06-16T18:10:21.294086803Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/@aiscene/aiserver/v/1.4.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@aiscene/aiserver/v/1.5.8"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@aiscene/aiserver/v/1.7.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@aiscene/aiserver/v/1.7.4"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@aiscene/aiserver/v/1.7.5"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@aiscene/aiserver/v/1.8.0"}],"affected":[{"package":{"name":"@aiscene/aiserver","ecosystem":"npm","purl":"pkg:npm/%40aiscene%2Faiserver"},"versions":["1.4.1","1.5.8","1.7.0","1.7.4","1.7.5","1.8.0"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}],"indicators":{"package_integrity":[{"hashes":{"sha1":"c87a013772a14d93294a093836d1365f483a5f7a","sha512_sri":"sha512-n/nMX6rwghwFKzUOEI4n7oCGmHECwxT+CpIOMdyEdk95PiE8cEvgfkMtXe/BjJfuxvD3lU0859TnuDTVDSAzdQ=="},"filename":"aiserver-1.4.1.tgz"}],"evidence_files":[{"sha256":"549338b82d3738c5f2d7895adc9c9fbe95b246742b71b5c25ae5a1e122f76d5a","tlsh":"0ad1549b27eb0433dba364e8cf9302013d3199473f4ad8587b5c5370af4516892e9faa","path":"dist/task/poller.js"},{"sha256":"14cbd94159bca39029d4ab2fa6242a0a3a57d45cb8b8ad25ee8c3cdd66e46f12","tlsh":"9ce10e4f1fff542b4ab224ad6e0b12117a279103220ac974bbdd63815f8296ce675bf4","path":"dist/node/service.js"},{"sha256":"7c3ed2e832e11ff32796e51edc0a52b31622cdf874ab0ae5fc1b397eaeff5289","tlsh":"0c8135ae496e5453245ac85897ff0003ef71abc73d46b8a0b68c2b0c2f5e90ce17579e","path":"dist/config/index.js"}],"domains":["nethp-test.jd.com"]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@aiscene/aiserver/MAL-2026-3747.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com","inspector-research@amazon.com"],"type":"FINDER"}]}