VYPR

npm · Malicious package advisory

Malware

idlidosa

MAL-2026-4581

Malicious code in idlidosa (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (5c6cba2c58d95d705af7dc5bb1c630129127835fb1ef15d4ccf43ec2818bf632)
The package is purpose-built tooling to defeat exam-proctoring / lockdown software, with multiple installer-machine integrity harms triggered when the user runs the documented `idlidosa start` command:

1. Binary masquerade as Microsoft software: `dist/cli/index.js` (~line 290) copies the bundled `electron.exe` to `msedgewebview2.exe` and uses bundled `rcedit` to overwrite its Windows version resources to claim `CompanyName=Microsoft Corporation` and `ProductName=Microsoft Edge WebView2 Runtime`. The guard process additionally sets `process.title = "Windows Audio Device Graph Isolation"`. An administrator auditing the host sees what appears to be a Microsoft component but is an unsigned Electron app under this package's control.

2. Persistence as fake Edge updater: `installResurrector` (~line 330) registers a Windows Scheduled Task named `MicrosoftEdgeWebView2Update` that runs every 1 minute via `schtasks /create... /sc MINUTE /mo 1 /f`, re-spawning a launcher written to `%APPDATA%/Idlidosa/resurrect.js`. The task name impersonates a legitimate Microsoft Edge update job.

3. Anti-detection watchdog: `cli/guard.cjs` carries self-incriminating comments stating the 1500ms restart delay is `fast enough to beat TestPad's 30s scan` and that it runs as `node.exe (which lockdown software rarely kills)`.

4. Process-wide TLS validation disabled: `dist/shared/index.js` (~line 187) sets `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"` at module load, disabling TLS certificate validation for every HTTPS call made by the host Node process for the lifetime of that process — not just calls made by this package. Subsequent traffic (including screenshots of the user's screen and bundled API keys) is sent over un-validated TLS and is exposed to MITM on the installer's network.

5. Bundled decryptable Groq API key pool: `shared/keys.json` ships nine AES-256-GCM-encrypted Groq API keys whose decryption key is `sha256("pageai-pool-v2")` (literal byte array in `shared/crypto.ts`), so any installer can decrypt them. These are the author's own keys (author self-harm), but they are used as the default channel for sending the user's screen captures over the TLS-disabled connection.

The combination of Microsoft-impersonation on disk, Microsoft-impersonation as a scheduled task, watchdog comments documenting evasion intent, and global TLS weakening constitutes deliberate harm to the integrity of any host this is installed and run on.

Compromised versions (5)

  • 1.0.0
  • 1.0.1
  • 1.0.7
  • 1.0.4
  • 1.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.