{"id":"MAL-2026-4707","summary":"Malicious code in vue-compiler-sfc-plugin (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9)\nPackage name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs postinstall-run.cjs which invokes tooling-bootstrap.cjs. tooling-bootstrap.cjs concatenates a fragmented base64 array (BOOTSTRAP_B64), decodes it, writes the resulting JS to ~/.gradle/daemon/tooling-api-runtime.mjs (a Gradle-daemon cover name), and detached-spawns it with the user's node binary (spawn(nodeBin, args, { detached: true, stdio: 'ignore', windowsHide: true }); child.unref()). Activation is gated by victim-project sentinels (ALLOWED_PROJECT_SENTINELS includes 'src/businessCom/BLinker.vue' and 'src/api/gameCategorie.js'), so the RAT only deploys inside the intended victim's repo — evading sandboxed install scanners. The decoded payload is a long-running C2 agent that POSTs hostname, OS user, and OS info to https://npmjs.it.com/api/register, persists an agent id at ~/.gradle-cache/.aid, polls https://npmjs.it.com/api/task/\u003cagent\u003e, and dispatches operator-issued ops: exec (spawn /bin/sh or cmd.exe with attacker-supplied command), ls, download (read arbitrary path and POST bytes to /api/file/\u003cagent\u003e/\u003ctask\u003e), upload (write attacker-supplied base64 to arbitrary path), delete (fs.rmSync), move, ps. C2 defaults to https://npmjs.it.com/ (a typosquat of npmjs.com) and TLS verification can be disabled via C2_TLS_INSECURE. 
This is a fully-featured backdoor enabling credential theft (~/.aws, ~/.ssh, .env, .npmrc), arbitrary code execution, and persistent remote control of any machine where an install runs inside the targeted project.\n","modified":"2026-05-26T15:16:43.213592065Z","published":"2026-05-25T15:12:28Z","database_specific":{"malicious-packages-origins":[{"versions":["3.5.25"],"modified_time":"2026-05-25T15:12:28Z","sha256":"c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9","id":"IN-MAL-2026-004696","import_time":"2026-05-26T05:53:06.374150363Z","source":"amazon-inspector"},{"versions":["3.5.26"],"modified_time":"2026-05-26T14:14:28Z","sha256":"ccae84b1e69608b53868c4776df642dd816aa47b9110e8958aa03fcb6899f5e8","id":"IN-MAL-2026-004915","import_time":"2026-05-26T15:07:42.35599729Z","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/vue-compiler-sfc-plugin/v/3.5.25"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/vue-compiler-sfc-plugin/v/3.5.26"}],"affected":[{"package":{"name":"vue-compiler-sfc-plugin","ecosystem":"npm","purl":"pkg:npm/vue-compiler-sfc-plugin"},"versions":["3.5.25","3.5.26"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious 
Code","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"sha256":"611d046e90549a66bed104e3039df93ff33a7618e5c8bcc285d788c6095f7620","tlsh":"9e6281a6cc9b2d448350461ab5ce28c9284e87833d967dddb6ee82dc6f4e42f01f51ed","path":"tooling-bootstrap.cjs"}],"package_integrity":[{"hashes":{"sha1":"0f1e240ae86d31a345fdc4721855ff55717ad728","sha512_sri":"sha512-70fyCWXaP91GGi3Cs13ZuA9eoOSr3dfdWeddGwM8BiqWQqMXW6ldnyR4ZC8KD8en3sgWhEiCTh6TzrHWghi4AQ=="},"filename":"vue-compiler-sfc-plugin-3.5.25.tgz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vue-compiler-sfc-plugin/MAL-2026-4707.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}
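Added example, not part of the advisory record and not the package's own code: a Node.js static triage scanner that flags, in an unpacked npm package, the tradecraft the source description above lays out: an install-hook script, a fragmented base64 array reassembled and decoded at runtime, a detached spawn with stdio ignored and unref(), a write under the home directory, sentinel-gated activation, and the indicators quoted in the advisory (npmjs.it.com, tooling-api-runtime.mjs, .gradle-cache/.aid, C2_TLS_INSECURE). The package fixture it runs on is constructed for this example and mirrors only the described layout; an inert stub stands in for the real payload. Rule names, regexes and thresholds are this example's own heuristics, not anything from Amazon Inspector or the OSV record.

```javascript
// Added example, not the advisory's or the package's code: static triage of an
// unpacked npm package against the tradecraft described in the advisory.
// Rule names, regexes and thresholds are this example's own heuristics.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// String indicators quoted in the advisory text.
const KNOWN_IOCS = ['npmjs.it.com', 'tooling-api-runtime.mjs', '.gradle-cache/.aid', 'C2_TLS_INSECURE'];

// An array literal of >= 4 quoted base64-looking chunks (BOOTSTRAP_B64 style).
const B64_ARRAY = /\[\s*((?:['"`][A-Za-z0-9+/=]{4,}['"`]\s*,?\s*){4,})\]/g;

// Reassemble every fragmented base64 array in src and return the decodes that
// look like text, i.e. the ones worth grepping for C2 indicators.
function decodeFragmentedBase64(src) {
  const blobs = [];
  for (const m of src.matchAll(B64_ARRAY)) {
    const chunks = m[1].match(/[A-Za-z0-9+/=]{4,}/g) || [];
    const text = Buffer.from(chunks.join(''), 'base64').toString('utf8');
    if (/^[\t\n\r\x20-\x7e]+$/.test(text)) blobs.push(text);
  }
  return blobs;
}

function scanSource(path, src, findings) {
  if (/spawn\s*\([^)]*detached\s*:\s*true/.test(src) && /\.unref\s*\(/.test(src)) {
    findings.push({ path, rule: 'detached-spawn', detail: 'spawn({detached:true}) + unref()' });
  }
  if (/homedir\s*\(/.test(src) && /writeFile(Sync)?\s*\(/.test(src)) {
    findings.push({ path, rule: 'writes-under-home', detail: 'os.homedir() + fs.writeFile*' });
  }
  // Activation gated on project-specific source files existing in the install cwd.
  if (/existsSync\s*\(/.test(src) && /['"][\w./-]+\.(vue|js|ts)['"]\s*,/.test(src)) {
    findings.push({ path, rule: 'sentinel-gated-activation', detail: 'existsSync over a list of source paths' });
  }
  for (const ioc of KNOWN_IOCS) {
    if (src.includes(ioc)) findings.push({ path, rule: 'known-ioc', detail: ioc });
  }
  for (const blob of decodeFragmentedBase64(src)) {
    const hits = KNOWN_IOCS.filter((ioc) => blob.includes(ioc));
    findings.push({ path, rule: 'fragmented-base64-payload', detail: hits.join(',') || 'decodes to script text' });
  }
}

// files: { relativePath: fileContents } for one unpacked package.
function scanPackage(files) {
  const findings = [];
  const pkg = JSON.parse(files['package.json'] || '{}');
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push({ path: 'package.json', rule: 'install-hook', detail: `${hook}: ${pkg.scripts[hook]}` });
    }
  }
  for (const [path, src] of Object.entries(files)) {
    if (/\.(c?js|mjs)$/.test(path)) scanSource(path, src, findings);
  }
  return findings;
}

// Distinct rule names that fired, for a quick verdict.
function firedRules(files) {
  return [...new Set(scanPackage(files).map((f) => f.rule))].sort();
}

// ---- Constructed fixture (not the real package). The "payload" is an inert
// stub that only names the C2 host, base64-encoded and split like BOOTSTRAP_B64.
const STUB_PAYLOAD = "const C2 = process.env.C2_URL || 'https://npmjs.it.com/';\n" +
  "console.log(new URL('/api/register', C2).href);\n";
const b64 = Buffer.from(STUB_PAYLOAD).toString('base64');
const fragments = [];
for (let i = 0; i < b64.length; i += 12) fragments.push(`'${b64.slice(i, i + 12)}'`);

const MALICIOUS_FIXTURE = {
  'package.json': JSON.stringify({ name: 'vue-compiler-sfc-plugin', version: '3.5.25',
    scripts: { postinstall: 'node postinstall-run.cjs' } }),
  'index.js': "module.exports = require('@vue/compiler-sfc');\n",
  'postinstall-run.cjs': "require('./tooling-bootstrap.cjs');\n",
  'tooling-bootstrap.cjs': `
const fs = require('fs'), os = require('os'), path = require('path');
const { spawn } = require('child_process');
const ALLOWED_PROJECT_SENTINELS = ['src/businessCom/BLinker.vue', 'src/api/gameCategorie.js'];
const root = process.env.INIT_CWD || process.cwd();
if (!ALLOWED_PROJECT_SENTINELS.some((p) => fs.existsSync(path.join(root, p)))) process.exit(0);
const BOOTSTRAP_B64 = [
  ${fragments.join(',\n  ')}
];
const out = path.join(os.homedir(), '.gradle', 'daemon', 'tooling-api-runtime.mjs');
fs.mkdirSync(path.dirname(out), { recursive: true });
fs.writeFileSync(out, Buffer.from(BOOTSTRAP_B64.join(''), 'base64'));
const child = spawn(process.execPath, [out], { detached: true, stdio: 'ignore', windowsHide: true });
child.unref();
`,
};

const BENIGN_FIXTURE = {
  'package.json': JSON.stringify({ name: 'vue-sfc-helper', version: '1.0.0', main: 'index.js' }),
  'index.js': "module.exports = require('@vue/compiler-sfc');\n",
};

console.log(firedRules(MALICIOUS_FIXTURE));
console.log(firedRules(BENIGN_FIXTURE));
```

The scanner works on file contents in memory, so it can be pointed at a tarball extracted by `npm pack` or at a directory under node_modules without executing anything. Decoding the fragmented array is what turns an opaque blob into a greppable string: the C2 host never appears in the plaintext of the bootstrap file, only in the decoded payload, which is why a scanner that grep-matches indicators without reassembling split base64 would miss it.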