npm · Malicious package advisory
Malwarecarvus-lens
MAL-2026-4505
Malicious code in carvus-lens (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0)
carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected screen content to two third-party services chosen by the author, not the user. render.js line 4 hardcodes `GROQ_API_KEY = "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"` and the queryGroq function POSTs OCR'd text to `https://api.groq.com/openai/v1/chat/completions` with `Authorization: Bearer ${GROQ_API_KEY}`, so every user's selected screen text flows into Groq under the author's account. render.js line 5 hardcodes `IMG_HOST_KEY = "6d207e02198a847aa98d0a2a901485a5"` and uploadImage POSTs cropped screenshots to `https://freeimage.host/api/1/upload?key=${IMG_HOST_KEY}` — screenshots may contain messages, documents, code, or banking content, are stored under the author's freeimage.host account, and are made publicly accessible (the resulting URL is then handed to lens.google.com). README does not disclose either intermediary. Two compounding issues: (1) silent-relay — normal use of the advertised API exfiltrates user screen content to author-chosen destinations the user never selected; (2) credential redistribution — both API keys are extractable from the shipped client code and can be abused by any installer to bill Groq usage against the author or upload arbitrary content to the author's freeimage.host account.
Compromised versions (1)
- 1.0.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.