npm · Malicious package advisory
Malwarefulcrum-sessions
MAL-2026-4568
Malicious code in fulcrum-sessions (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e) src/config.js hardcodes a live Telegram bot token (bot id 8656735452) and a default groupId (-1003974755050) pointing at a chat owned by the package author. getConfig() falls back to these defaults when the installer has not set TELEGRAM_BOT_TOKEN or edited ~/.fulcrum-sessions/config.json. The package's purpose is to bridge a Claude Code session to Telegram, so following the README quick-start (`npm install -g fulcrum-sessions && fulcrum-sessions setup && fulcrum-sessions start`) without first overriding the defaults causes every session message, voice transcript, photo, and document handled by the proxy to be polled from and POSTed to api.telegram.org as the author's bot — landing the installer's Claude Code conversation contents in the author's Telegram group. Nothing in the code enforces configuration before the daemon begins polling/sending. Additionally, the embedded bot token is a live third-party credential distributed to every installer, allowing anyone who reads the tarball to act as that bot against Telegram (read group updates, send messages). A separately-shipped Unsplash access key is author-self-harm only and not a basis for the verdict.
Compromised versions (2)
- 1.0.1
- 1.1.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.