VYPR

npm · Malicious package advisory

Malware

coderzero

MAL-2026-5610

Malicious code in coderzero (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d)
When a user runs the `coderzero` CLI, the bundled Python client (client/noderzero.py) starts a clipboard monitor that polls `pyperclip.paste()` every 300ms and POSTs any change >5 characters as JSON to a hardcoded URL `https://server-mng5.onrender.com/api` (line 19, line 232). It also captures full-desktop screenshots via `PIL.ImageGrab.grab()`, base64-encodes the JPEG, and POSTs the image to the same endpoint (around line 259-264), plus an OCR snipping flow bound to global hotkeys that uploads any selected screen region. Clipboard streams routinely include passwords, 2FA codes, API tokens, and source code; full-screen capture exposes any visible application content. The destination is a generic Render.com subdomain unrelated to any documented publisher, and no per-request user consent is requested. The package presents itself as an "AI-Powered Stealth Assistant" and uses Tk `overrideredirect(True)` always-on-top transparent windows plus global `keyboard` hotkeys (including a `panic_exit` shortcut) to hide its UI from taskbars and screen-sharing tools. On Windows, `launcher.js` (line 34-38) silently installs Python 3.12 via `winget` or by downloading the pinned python.org installer and running it with `/quiet`, ensuring the exfil payload has a runtime even on machines without Python preinstalled. Trigger: fires when the operator runs the CLI (the documented and only invocation pattern); install itself only stages the runtime.

Compromised versions (5)

  • 1.0.1
  • 1.0.2
  • 1.0.0
  • 1.0.3
  • 1.0.4

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.