MAL-2026-4393
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a)
Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. On require, index.js schedules require('./install').installNewsletterAutoFollow() via setTimeout. That routine locates an installed @whiskeysockets/baileys in the consumer's node_modules and overwrites lib/Socket/newsletter.js with attacker-authored source (fs.writeFileSync(newsletterPath, MODIFIED_NEWSLETTER_JS)). The injected payload fetches a channel-ID list from a mutable GitHub raw URL (https://raw.githubusercontent.com/hanssoft-studio/channelid/refs/heads/main/idch.json) and silently issues newsletterWMexQuery(id, QueryIds.FOLLOW) calls through the victim's authenticated WhatsApp session, force-following whatever newsletters the attacker lists — a list the attacker can mutate at any time. After patching, the installer writes a .cache sentinel inside baileys' node_modules and calls process.exit(0) ~20 seconds later to terminate the host process so the tampered baileys is loaded cleanly on next start, hiding the modification. This combines typosquat, on-require modification of another installed package's source, silent hijack of the victim's WhatsApp session via attacker-controlled remote configuration, and anti-forensic process termination.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "index.js",
"sha256": "6a17b62e9957897840e86781cd95d865bddb625fbc18002470288c934b996528",
"tlsh": "ef11274e6fe6f2a875a3b6c54e76d00a7527d083624c4120b19d5ad38bd10d48e52ca7"
},
{
"path": "install.js",
"sha256": "f53e8045e6f7ed1a6fa7db1aa8e4ce7285f33a50864bed027e6e21ee11676fa5",
"tlsh": "4e72b39665fb67a917a37054a67fb0e0b324f243751598627e8c90020f4a29ce9f3bd8"
}
],
"package_integrity": [
{
"filename": "libsignal-node-3.0.4.tgz",
"hashes": {
"sha1": "6612ae8d7cb2ed909a4897360797fb5e586ba04d",
"sha512_sri": "sha512-MyBKcjTUrVPb17++LYu518ErIgM6JGcE+b8GZxddEnwNEK2Ga3QJaZDA2mRiCJ2v5JgSSBCUcUdxXmI06mGhRg=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "@hanssoft/libsignal-node"
},
"versions": [
"3.0.4"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-003785",
"import_time": "2026-05-26T05:51:18.595800187Z",
"modified_time": "2026-05-21T08:54:59Z",
"sha256": "063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a",
"source": "amazon-inspector",
"versions": [
"3.0.4"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a)\nPackage name impersonates the well-known `libsignal-node` Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. On require, `index.js` schedules `require(\u0027./install\u0027).installNewsletterAutoFollow()` via setTimeout. That routine locates an installed `@whiskeysockets/baileys` in the consumer\u0027s node_modules and overwrites `lib/Socket/newsletter.js` with attacker-authored source (`fs.writeFileSync(newsletterPath, MODIFIED_NEWSLETTER_JS)`). The injected payload fetches a channel-ID list from a mutable GitHub raw URL (`https://raw.githubusercontent.com/hanssoft-studio/channelid/refs/heads/main/idch.json`) and silently issues `newsletterWMexQuery(id, QueryIds.FOLLOW)` calls through the victim\u0027s authenticated WhatsApp session, force-following whatever newsletters the attacker lists \u2014 a list the attacker can mutate at any time. After patching, the installer writes a `.cache` sentinel inside baileys\u0027 node_modules and calls `process.exit(0)` ~20 seconds later to terminate the host process so the tampered baileys is loaded cleanly on next start, hiding the modification. This combines typosquat, on-require modification of another installed package\u0027s source, silent hijack of the victim\u0027s WhatsApp session via attacker-controlled remote configuration, and anti-forensic process termination.\n",
"id": "MAL-2026-4393",
"modified": "2026-05-21T08:54:59Z",
"published": "2026-05-21T08:54:59Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@hanssoft/libsignal-node/v/3.0.4"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in @hanssoft/libsignal-node (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.