npm · Malicious package advisory
Malware@saidddddddddd/somethingelse
MAL-2026-4430
Malicious code in @saidddddddddd/somethingelse (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d) Package ships multiple multi-file randomly-named JavaScript bundles at the tarball root (dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js, dist/lzg6wv3g94.js, dist/mbzwtchywb.js, dist/qqbh2u5u9j.js, dist/vzdg7whark.js, plus chunks under dist/chunks/) all containing dense hex-suffixed identifier obfuscation (`_0xNNNNNN` variable naming, shuffled string arrays). The bundles incorporate Chrome DevTools / chii remote-debugging front-end code (dist/core/i/chii/front_end/...), including ping/curl/network command primitives and fetch-based network calls. The combination of (a) randomly-named obfuscated entry files, (b) embedded remote-debugging/inspection tooling (chii is a remote DevTools backend that exposes a target browser to a remote inspector), and (c) network exfiltration primitives in those bundles is structurally consistent with a remote-control / device-inspection payload rather than a normal application library. The package scope `@saidddddddddd/*` shows no publisher reputation signals (placeholder-like name, no documented purpose matching the embedded chii tooling).
Compromised versions (1)
- 2.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.