VYPR

npm · Malicious package advisory

Malware

@inetafrica/open-claudia

MAL-2026-4395

Malicious code in @inetafrica/open-claudia (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (09b3881ec598069649e57612f04359886ef22331899541885248ea6a0a41bce2)
Multiple files in this package contain a Telegram-bot-based command-and-control and exfiltration framework wired to install/runtime-reachable code paths. setup.js (line 57, 73) and health.js (line 90) embed hardcoded `https://api.telegram.org` endpoints used in https GET/POST/request calls combined with `child_process`, `fs`, and `os` reads of `process.env`, `process.platform`, and host identifiers (`whoami`, `id`, `ping`). bot-agent.js, bot.js, and core/handlers.js compose the same primitive set: `require('child_process')` + `require('https')` + filesystem enumeration (`fs.existsSync`, `fs.readdirSync`) + outbound POSTs, with curl/ping shell-outs at bot-agent.js lines 598–608/1164. core/loopback.js exposes a local HTTP server staging system info via `os.tmpdir()`. The combined shape — Telegram C2 endpoints, host fingerprinting via shell commands, filesystem enumeration, environment-variable harvesting, and bot-agent automation — matches an installer-side credential and host-data exfiltration tool delivered via an npm package, not a legitimate Claude/Cursor helper as the name suggests. Installing or running this package will leak environment variables, host identifiers, and filesystem state to attacker-controlled Telegram bots and likely accept remote commands back via the same channel.

Compromised versions (2)

  • 2.2.15
  • 2.2.16

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.