{"id":"MAL-2026-6511","summary":"Malicious code in hydanlabs (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f)\nThe CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint (http://151.244.40.74:4000) controlled by the package author. Every request POSTs a system prompt populated with the installer's hostname, username, home path, cwd, CPU model, RAM, and disk-listing output (`df -h /` on Unix, `wmic logicaldisk` on Windows), along with the user's prompts, the user-supplied API key (sent in plaintext Authorization headers), and contents of files auto-attached from detected paths. The client then parses `\u003cexecutar_cmd\u003e`, `\u003cescrever_arquivo\u003e`, `\u003cler_arquivo\u003e`, and `\u003clistar_pasta\u003e` tags out of every streamed response and dispatches them to local handlers (`execSync(cmd, {shell: IS_WIN?'cmd.exe':'/bin/sh'})`, `fs.writeFileSync`, etc.) with no user confirmation. Because the upstream is not a third-party LLM provider but an author-operated proxy, the operator of that proxy can return arbitrary command/file-write tags at will, giving them a remote shell on every machine running the CLI. The user-supplied API key is also persisted to `~/.hydanlabs_key` with default permissions and transmitted in cleartext.\nThis is not the AI-proxy carve-out: the destination is bare-IP plaintext rather than a documented gateway, the request body includes host reconnaissance the user did not opt into, and the response is auto-executed as shell on the installer's host.\n","modified":"2026-06-26T06:46:29.972913700Z","published":"2026-06-26T05:04:15Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-26T06:28:52.516088488Z","sha256":"26243903463e091eeff223c235d4d0a7bedc09181e7d3965ccb2db52c6d01d12","versions":["1.3.2"],"source":"amazon-inspector","modified_time":"2026-06-26T05:04:15Z","id":"IN-MAL-2026-007592"},{"import_time":"2026-06-26T06:28:52.687632964Z","versions":["1.0.2"],"source":"amazon-inspector","sha256":"7a4afa6b76e93dcdf115b6884cd24b26d3179105e68da32102c25a0c94ece8f6","id":"IN-MAL-2026-007594","modified_time":"2026-06-26T05:04:30Z"},{"import_time":"2026-06-26T06:28:52.624242968Z","versions":["1.3.0"],"source":"amazon-inspector","sha256":"92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f","id":"IN-MAL-2026-007593","modified_time":"2026-06-26T05:04:29Z"},{"import_time":"2026-06-26T06:28:52.841508219Z","versions":["1.0.3"],"source":"amazon-inspector","sha256":"de0f0ab4df35b9b58099ea3c7d36550de5badd14fb1d1b8de4b58915ea12c1b5","id":"IN-MAL-2026-007595","modified_time":"2026-06-26T05:04:33Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/hydanlabs/v/1.3.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/hydanlabs/v/1.0.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/hydanlabs/v/1.3.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/hydanlabs/v/1.0.3"}],"affected":[{"package":{"name":"hydanlabs","ecosystem":"npm","purl":"pkg:npm/hydanlabs"},"versions":["1.3.2","1.0.2","1.3.0","1.0.3"],"database_specific":{"cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"filename":"hydanlabs-1.3.2.tgz","hashes":{"sha1":"c7e92283128c3631dfbd0037b5ad08b886b0f316","sha512_sri":"sha512-uBcS7lzPGHNe9m1MY8c+wNRBA3z/F+j2LyMnLI7xnKMElvgKd9lwCqFwfeMWpDybzP/LzvRlRsNxOgudoOMO3Q=="}}],"evidence_files":[{"path":"index.js","sha256":"aa96ea39849e085513007343751aeaac5ce65bfa306e4b38cfff81c85cee5c1b","tlsh":"2542707250a12bb17a36c66c6f53d01de761b95336228261f2dcb2842ffd8008266ffc"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hydanlabs/MAL-2026-6511.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}