MAL-2026-4707
Vulnerability from ossf_malicious_packages
Published
2026-05-25 15:12
Modified
2026-05-26 15:09
Summary
Malicious code in vue-compiler-sfc-plugin (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9)

Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs postinstall-run.cjs which invokes tooling-bootstrap.cjs. tooling-bootstrap.cjs concatenates a fragmented base64 array (BOOTSTRAP_B64), decodes it, writes the resulting JS to ~/.gradle/daemon/tooling-api-runtime.mjs (a Gradle-daemon cover name), and detached-spawns it with the user's node binary (spawn(nodeBin, args, { detached: true, stdio: 'ignore', windowsHide: true }); child.unref()). Activation is gated by victim-project sentinels (ALLOWED_PROJECT_SENTINELS includes 'src/businessCom/BLinker.vue' and 'src/api/gameCategorie.js'), so the RAT only deploys inside the intended victim's repo — evading sandboxed install scanners. The decoded payload is a long-running C2 agent that POSTs hostname, OS user, and OS info to https://npmjs.it.com/api/register, persists an agent id at ~/.gradle-cache/.aid, polls https://npmjs.it.com/api/task/, and dispatches operator-issued ops: exec (spawn /bin/sh or cmd.exe with attacker-supplied command), ls, download (read arbitrary path and POST bytes to /api/file//), upload (write attacker-supplied base64 to arbitrary path), delete (fs.rmSync), move, ps. C2 defaults to https://npmjs.it.com/ (a typosquat of npmjs.com) and TLS verification can be disabled via C2_TLS_INSECURE. This is a fully-featured backdoor enabling credential theft (~/.aws, ~/.ssh,.env,.npmrc), arbitrary code execution, and persistent remote control of any machine where install hits the targeted project.

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.
  • CWE-506 - The product contains code that appears to be malicious in nature.
Credits
Amazon Inspector actran@amazon.com
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          },
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "tooling-bootstrap.cjs",
              "sha256": "611d046e90549a66bed104e3039df93ff33a7618e5c8bcc285d788c6095f7620",
              "tlsh": "9e6281a6cc9b2d448350461ab5ce28c9284e87833d967dddb6ee82dc6f4e42f01f51ed"
            }
          ],
          "package_integrity": [
            {
              "filename": "vue-compiler-sfc-plugin-3.5.25.tgz",
              "hashes": {
                "sha1": "0f1e240ae86d31a345fdc4721855ff55717ad728",
                "sha512_sri": "sha512-70fyCWXaP91GGi3Cs13ZuA9eoOSr3dfdWeddGwM8BiqWQqMXW6ldnyR4ZC8KD8en3sgWhEiCTh6TzrHWghi4AQ=="
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "npm",
        "name": "vue-compiler-sfc-plugin"
      },
      "versions": [
        "3.5.25",
        "3.5.26"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "actran@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-004696",
        "import_time": "2026-05-26T05:53:06.374150363Z",
        "modified_time": "2026-05-25T15:12:28Z",
        "sha256": "c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9",
        "source": "amazon-inspector",
        "versions": [
          "3.5.25"
        ]
      },
      {
        "id": "IN-MAL-2026-004915",
        "import_time": "2026-05-26T15:07:42.35599729Z",
        "modified_time": "2026-05-26T14:14:28Z",
        "sha256": "ccae84b1e69608b53868c4776df642dd816aa47b9110e8958aa03fcb6899f5e8",
        "source": "amazon-inspector",
        "versions": [
          "3.5.26"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9)\nPackage name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs postinstall-run.cjs which invokes tooling-bootstrap.cjs. tooling-bootstrap.cjs concatenates a fragmented base64 array (BOOTSTRAP_B64), decodes it, writes the resulting JS to ~/.gradle/daemon/tooling-api-runtime.mjs (a Gradle-daemon cover name), and detached-spawns it with the user\u0027s node binary (spawn(nodeBin, args, { detached: true, stdio: \u0027ignore\u0027, windowsHide: true }); child.unref()). Activation is gated by victim-project sentinels (ALLOWED_PROJECT_SENTINELS includes \u0027src/businessCom/BLinker.vue\u0027 and \u0027src/api/gameCategorie.js\u0027), so the RAT only deploys inside the intended victim\u0027s repo \u2014 evading sandboxed install scanners. The decoded payload is a long-running C2 agent that POSTs hostname, OS user, and OS info to https://npmjs.it.com/api/register, persists an agent id at ~/.gradle-cache/.aid, polls https://npmjs.it.com/api/task/\u003cagent\u003e, and dispatches operator-issued ops: exec (spawn /bin/sh or cmd.exe with attacker-supplied command), ls, download (read arbitrary path and POST bytes to /api/file/\u003cagent\u003e/\u003ctask\u003e), upload (write attacker-supplied base64 to arbitrary path), delete (fs.rmSync), move, ps. C2 defaults to https://npmjs.it.com/ (a typosquat of npmjs.com) and TLS verification can be disabled via C2_TLS_INSECURE. This is a fully-featured backdoor enabling credential theft (~/.aws, ~/.ssh,.env,.npmrc), arbitrary code execution, and persistent remote control of any machine where install hits the targeted project.\n",
  "id": "MAL-2026-4707",
  "modified": "2026-05-26T15:09:38Z",
  "published": "2026-05-25T15:12:28Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/vue-compiler-sfc-plugin/v/3.5.25"
    },
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/vue-compiler-sfc-plugin/v/3.5.26"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in vue-compiler-sfc-plugin (npm)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.