{"id":"MAL-2026-4473","summary":"Malicious code in @zizie071/libsignal-node (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163)\nOn require(), index.js schedules install.js which locates the installer's @whiskeysockets/baileys package on disk and overwrites lib/Socket/newsletter.js with an embedded payload (MODIFIED_NEWSLETTER_JS). The injected code fetches a JSON list from https://raw.githubusercontent.com/pipih071/SilenceV3/refs/heads/main/ch.json (a mutable, attacker-controlled raw GitHub URL) and uses the installer's authenticated WhatsApp session to silently auto-follow channels listed in that file. install.js writes a marker file (.cache containing 'Iove') under Baileys' node_modules to track the patch and calls process.exit(0) after patching to mask the side effect. The package self-identifies as 'Open Whisper Systems' libsignal for Node.js' under the @zizie071 scope, mimicking the well-known libsignal-node library API surface (SessionBuilder, SessionCipher, etc.) so unsuspecting developers pull it in as a drop-in replacement. Three independent supply-chain harms are present: (1) cross-package tampering — the package mutates a sibling vendor's installed source on the installer's machine, (2) attacker-controlled remote behavior — the patched code reads a mutable URL on each run so the attacker can change targeted channels at any time, (3) namespace abuse / impersonation of a well-known cryptography library to deliver the payload.\n","modified":"2026-05-26T06:02:07.616414658Z","published":"2026-05-25T00:32:44Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-004562","import_time":"2026-05-26T05:52:50.813201343Z","versions":["3.3.6"],"source":"amazon-inspector","sha256":"3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163","modified_time":"2026-05-25T00:32:44Z"},{"id":"IN-MAL-2026-004563","import_time":"2026-05-26T05:52:50.913350798Z","versions":["3.4.6"],"source":"amazon-inspector","sha256":"5a2f3e504408800287317ea48a594dbcccfed211bae02ac9b4dfb5ddc352ae95","modified_time":"2026-05-25T00:32:47Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/@zizie071/libsignal-node/v/3.3.6"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@zizie071/libsignal-node/v/3.4.6"}],"affected":[{"package":{"name":"@zizie071/libsignal-node","ecosystem":"npm","purl":"pkg:npm/%40zizie071%2Flibsignal-node"},"versions":["3.3.6","3.4.6"],"database_specific":{"cwes":[{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@zizie071/libsignal-node/MAL-2026-4473.json","indicators":{"package_integrity":[{"filename":"libsignal-node-3.3.6.tgz","hashes":{"sha512_sri":"sha512-KZiFa+80QgVF9OB8y899X59kNlycd+KzDELFaOL44Xx7HTUhRjgX6SmSf9uzHBDQWym1etWDB1MMqJ4UvhXjvw==","sha1":"e01783195729a5e3849713b0d6c92f9cfab70c15"}}],"evidence_files":[{"path":"install.js","tlsh":"7272b39665fb67a917a37054a67fb0e0b324f243751598627e8c90020f4a2dce9f3bd8","sha256":"c86cd05d866b3c1ef4e36cba593765fc6d0346ac6c52325d737f53cd2fe09d50"},{"path":"package.json","tlsh":"2ef0f024ca15ec3300c47a6a6c71090653a21c638998bd0c33c6880c8f9e19fa7bea6d","sha256":"334197589b29aa70bc1eb7e40f4aafaaa9760a6d5f41554e0f5f301bee77070e"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}