npm · Malicious package advisory
Malware@zizie071/libsignal-node
MAL-2026-4473
Malicious code in @zizie071/libsignal-node (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163) On require(), index.js schedules install.js which locates the installer's @whiskeysockets/baileys package on disk and overwrites lib/Socket/newsletter.js with an embedded payload (MODIFIED_NEWSLETTER_JS). The injected code fetches a JSON list from https://raw.githubusercontent.com/pipih071/SilenceV3/refs/heads/main/ch.json (a mutable, attacker-controlled raw GitHub URL) and uses the installer's authenticated WhatsApp session to silently auto-follow channels listed in that file. install.js writes a marker file (.cache containing 'Iove') under Baileys' node_modules to track the patch and calls process.exit(0) after patching to mask the side effect. The package self-identifies as 'Open Whisper Systems' libsignal for Node.js' under the @zizie071 scope, mimicking the well-known libsignal-node library API surface (SessionBuilder, SessionCipher, etc.) so unsuspecting developers pull it in as a drop-in replacement. Three independent supply-chain harms are present: (1) cross-package tampering — the package mutates a sibling vendor's installed source on the installer's machine, (2) attacker-controlled remote behavior — the patched code reads a mutable URL on each run so the attacker can change targeted channels at any time, (3) namespace abuse / impersonation of a well-known cryptography library to deliver the payload.
Compromised versions (2)
- 3.3.6
- 3.4.6
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.