npm · Malicious package advisory
Malwarekurumi-fca
MAL-2026-4597
Malicious code in kurumi-fca (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0)
kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it unsafe for installers:
1. Silent relay of user data. After login, every incoming Messenger photo attachment is routed through a hidden uploader (`api._imgUpload`, defined as non-enumerable in index.js L376-378) to author-controlled ImgBB and ImageKit accounts. src/listenMqtt.js L455-460 invokes this for every photo delta received via `api.listenMqtt`. Callers of the documented API have no signal that attachment URLs are being re-hosted on third-party storage owned by the package author.
2. Auto-self-update bypassing dependency pinning. On every `require('kurumi-fca')`, index.js L23-29 schedules `checkForFCAUpdate()`, which queries the npm registry for the latest version and, if newer, runs `execSync('npm install kurumi-fca@<latest> --save', { cwd: process.cwd() })` (checkUpdate.js L88), rewrites the consumer's package.json dependencies entry, and exits the process. Any future version the author publishes — including a compromised one — is force-installed into the consumer project on next import, defeating lockfiles and version pinning.
3. Mutable out-of-band relay configuration. The relay credentials (ImgBB/ImageKit API keys) are fetched at login from `https://raw.githubusercontent.com/N1SA9EDITZ/ST-Handlers/refs/heads/main/kurumi-fcakey.json` (index.js L302-313) on a mutable `main` branch with no integrity check, letting the author re-aim the silent relay destination at any time without publishing a new package version.
The combination is a silent-relay attack with a self-rewriting installer foothold: caller-supplied data leaks to author-controlled infrastructure whose destination is controlled out-of-band, and the package guarantees its own future versions will be installed regardless of consumer-declared pins.
Compromised versions (2)
- 1.1.8
- 1.1.7
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.