{"id":"MAL-2026-6086","summary":"Malicious code in ai-chat-helper (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (39a12d35a8713a8f63eaf342901214a7f53fa396b9ee8218d246e5e0db7b6318)\ncollect.js performs system reconnaissance and exfiltration to a hardcoded attacker-controlled host. The script imports child_process, os, fs, http, and https; reads os.hostname(), os.homedir(), and inspects local filesystem paths via fs.existsSync; and POSTs the collected data to http://aab.sportsontheweb.net (line 13/line 366). The destination is an unrelated third-party domain over cleartext HTTP, with no relationship to any documented chat-helper functionality. This is the canonical credential/host-info beacon shape: child_process for command execution, os for host identity, fs for local file enumeration, and a hardcoded HTTP POST to an attacker domain.\n","modified":"2026-06-17T22:46:51.443858227Z","published":"2026-06-17T22:09:22Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-17T22:38:21.793824762Z","source":"amazon-inspector","sha256":"2a7654ff516176e3c9277ea8711149b1d55851165aa430307db43ebfdb578a3f","id":"IN-MAL-2026-006951","modified_time":"2026-06-17T22:09:22Z","versions":["1.0.9"]},{"import_time":"2026-06-17T22:38:21.903457499Z","source":"amazon-inspector","sha256":"39a12d35a8713a8f63eaf342901214a7f53fa396b9ee8218d246e5e0db7b6318","id":"IN-MAL-2026-006952","modified_time":"2026-06-17T22:09:24Z","versions":["1.0.2"]},{"import_time":"2026-06-17T22:38:22.021780306Z","source":"amazon-inspector","sha256":"6da659c2083db3bfaa683c19c572521b78359bbfb266ed9259192e19fe47e02f","id":"IN-MAL-2026-006953","versions":["1.0.1"],"modified_time":"2026-06-17T22:09:25Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/ai-chat-helper/v/1.0.9"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/ai-chat-helper/v/1.0.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/ai-chat-helper/v/1.0.1"}],"affected":[{"package":{"name":"ai-chat-helper","ecosystem":"npm","purl":"pkg:npm/ai-chat-helper"},"versions":["1.0.9","1.0.2","1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ai-chat-helper/MAL-2026-6086.json","indicators":{"evidence_files":[{"tlsh":"cea21e5b14cb351ac747e70ad7670014ad88abb3b113bb41bb8c9bd41f2ad2663d09f9","sha256":"57adc4f1f15fdf470534e2b357c51a4c6b50bd6c281237638be2ff781a429fb8","path":"collect.js"}],"package_integrity":[{"filename":"ai-chat-helper-1.0.9.tgz","hashes":{"sha512_sri":"sha512-KKWn6u7Tk1+JYbbRrrWvq1/5EhVpVCQAwQmfVkFBjo6JmA/qtWBVtEiuIf7o4VLeY73Nf7BCx3sYZmdy532qfg==","sha1":"b4ab333a396a8353916de838dc91378db25d274a"}}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}