MAL-2026-4696
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6)
package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registry entirely. Any npm install turing-sdk resolves and installs that tarball, whose contents are mutable on the author's host and never seen by registry scanners. Per the package's own README, that dependency downloads a turing binary at install. The published index.js main entry is obfuscator.io-style obfuscated (rotated string-array decoder, hex-named identifiers, self-defending IIFE) and acts as a thin wrapper that spawns the sibling turing binary, passing the caller's API keys through env vars (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, etc.). Default provider presets route requests to *.tap365.org gateway hosts (e.g. grok74.tap365.org). The combination — off-registry mutable tarball source + opaque downloaded binary + obfuscated wrapper that hands user credentials to that binary + author-operated gateway as default routing target — gives the publisher a free channel to ship arbitrary bytes to installers and to receive caller-supplied API keys.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "package.json",
"sha256": "0be80bfdb7bd3d773d0266ce132f5347a035ff98e28dcf9b255890f7da861ad4",
"tlsh": "aff04c21c7624eb312c86560fd6a5d0392761c270168bc0576cb003d8fdc19f51fe1ad"
},
{
"path": "index.js",
"sha256": "f1520999674b91983038187d318f31f4c636406093f5fa33b2a9ae5d9e0047fa",
"tlsh": "1ff2b6646fc1a5801b579fb3722fa2d4e52b19be3a58089fd518bf647c7220be5e1c30"
}
],
"package_integrity": [
{
"filename": "turing-sdk-1.1.3.tgz",
"hashes": {
"sha1": "349ce4d3179708e0f42b521abd5ce96c3d512920",
"sha512_sri": "sha512-WNQZILeP0HfG70RH21bTt0pEtjBPRZGhyP+5MUOuonRLwMI72DLiKXIO0J+6KyOxO/p1WKwu9UIivTbYhTYgzw=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "turing-sdk"
},
"versions": [
"1.1.3"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-003759",
"import_time": "2026-05-26T05:51:15.56717825Z",
"modified_time": "2026-05-21T06:39:19Z",
"sha256": "01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6",
"source": "amazon-inspector",
"versions": [
"1.1.3"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6)\npackage.json declares `turing-code` as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registry entirely. Any `npm install turing-sdk` resolves and installs that tarball, whose contents are mutable on the author\u0027s host and never seen by registry scanners. Per the package\u0027s own README, that dependency downloads a `turing` binary at install. The published `index.js` main entry is obfuscator.io-style obfuscated (rotated string-array decoder, hex-named identifiers, self-defending IIFE) and acts as a thin wrapper that spawns the sibling `turing` binary, passing the caller\u0027s API keys through env vars (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, etc.). Default provider presets route requests to `*.tap365.org` gateway hosts (e.g. grok74.tap365.org). The combination \u2014 off-registry mutable tarball source + opaque downloaded binary + obfuscated wrapper that hands user credentials to that binary + author-operated gateway as default routing target \u2014 gives the publisher a free channel to ship arbitrary bytes to installers and to receive caller-supplied API keys.\n",
"id": "MAL-2026-4696",
"modified": "2026-05-21T06:39:19Z",
"published": "2026-05-21T06:39:19Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/turing-sdk/v/1.1.3"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in turing-sdk (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.