npm · Malicious package advisory
Malwareidlidosa
MAL-2026-4581
Malicious code in idlidosa (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (5c6cba2c58d95d705af7dc5bb1c630129127835fb1ef15d4ccf43ec2818bf632)
The package is purpose-built tooling to defeat exam-proctoring / lockdown software, with multiple installer-machine integrity harms triggered when the user runs the documented `idlidosa start` command:
1. Binary masquerade as Microsoft software: `dist/cli/index.js` (~line 290) copies the bundled `electron.exe` to `msedgewebview2.exe` and uses bundled `rcedit` to overwrite its Windows version resources to claim `CompanyName=Microsoft Corporation` and `ProductName=Microsoft Edge WebView2 Runtime`. The guard process additionally sets `process.title = "Windows Audio Device Graph Isolation"`. An administrator auditing the host sees what appears to be a Microsoft component but is an unsigned Electron app under this package's control.
2. Persistence as fake Edge updater: `installResurrector` (~line 330) registers a Windows Scheduled Task named `MicrosoftEdgeWebView2Update` that runs every 1 minute via `schtasks /create... /sc MINUTE /mo 1 /f`, re-spawning a launcher written to `%APPDATA%/Idlidosa/resurrect.js`. The task name impersonates a legitimate Microsoft Edge update job.
3. Anti-detection watchdog: `cli/guard.cjs` carries self-incriminating comments stating the 1500ms restart delay is `fast enough to beat TestPad's 30s scan` and that it runs as `node.exe (which lockdown software rarely kills)`.
4. Process-wide TLS validation disabled: `dist/shared/index.js` (~line 187) sets `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"` at module load, disabling TLS certificate validation for every HTTPS call made by the host Node process for the lifetime of that process — not just calls made by this package. Subsequent traffic (including screenshots of the user's screen and bundled API keys) is sent over un-validated TLS and is exposed to MITM on the installer's network.
5. Bundled decryptable Groq API key pool: `shared/keys.json` ships nine AES-256-GCM-encrypted Groq API keys whose decryption key is `sha256("pageai-pool-v2")` (literal byte array in `shared/crypto.ts`), so any installer can decrypt them. These are the author's own keys (author self-harm), but they are used as the default channel for sending the user's screen captures over the TLS-disabled connection.
The combination of Microsoft-impersonation on disk, Microsoft-impersonation as a scheduled task, watchdog comments documenting evasion intent, and global TLS weakening constitutes deliberate harm to the integrity of any host this is installed and run on.
Compromised versions (5)
- 1.0.0
- 1.0.1
- 1.0.7
- 1.0.4
- 1.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.