VYPR

npm · Malicious package advisory

Malware

kurumi-fca

MAL-2026-4597

Malicious code in kurumi-fca (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0)
kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it unsafe for installers:

1. Silent relay of user data. After login, every incoming Messenger photo attachment is routed through a hidden uploader (`api._imgUpload`, defined as non-enumerable in index.js L376-378) to author-controlled ImgBB and ImageKit accounts. src/listenMqtt.js L455-460 invokes this for every photo delta received via `api.listenMqtt`. Callers of the documented API have no signal that attachment URLs are being re-hosted on third-party storage owned by the package author.

2. Auto-self-update bypassing dependency pinning. On every `require('kurumi-fca')`, index.js L23-29 schedules `checkForFCAUpdate()`, which queries the npm registry for the latest version and, if newer, runs `execSync('npm install kurumi-fca@<latest> --save', { cwd: process.cwd() })` (checkUpdate.js L88), rewrites the consumer's package.json dependencies entry, and exits the process. Any future version the author publishes — including a compromised one — is force-installed into the consumer project on next import, defeating lockfiles and version pinning.

3. Mutable out-of-band relay configuration. The relay credentials (ImgBB/ImageKit API keys) are fetched at login from `https://raw.githubusercontent.com/N1SA9EDITZ/ST-Handlers/refs/heads/main/kurumi-fcakey.json` (index.js L302-313) on a mutable `main` branch with no integrity check, letting the author re-aim the silent relay destination at any time without publishing a new package version.

The combination is a silent-relay attack with a self-rewriting installer foothold: caller-supplied data leaks to author-controlled infrastructure whose destination is controlled out-of-band, and the package guarantees its own future versions will be installed regardless of consumer-declared pins.

Compromised versions (2)

  • 1.1.8
  • 1.1.7

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.