MAL-2026-6312
Vulnerability from ossf_malicious_packages
@tinyfox/shapecheck (malicious version 0.8.7, published by tinyfox-yjwiqz@wshu.net) is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern -<6 random chars>@wshu.net, with every scope created on June 4, 2026 in a ~40-minute burst. This package masquerades as a runtime type/shape validator and ships real, working utility code so it passes a glance, while bundling a much larger malicious payload at dist/bootstrap.cjs. package.json declares a postinstall hook ("node dist/bootstrap.cjs") that runs the payload automatically on npm install. The payload is heavily obfuscated with javascript-obfuscator (hex-named identifiers, a while (!![]) array-rotation IIFE, base64+RC4 string decoding, control-flow flattening, and runtime-decrypted module resolution to stay out of the static module graph). At runtime it is a Chromium browser credential stealer: it reads Chromium Cookies and Login Data and decrypts saved passwords protected by AES-256-GCM (the v10/v11 app-bound key schemes), then exfiltrates them over HTTPS using a spoofed Mozilla/5.0 user agent. Malicious payload dist/bootstrap.cjs SHA-256: 0d27ca72b6f02faf4db95effb18347a7e2fa2def2034707bf9e56fa217879a3b.
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (ccad6ae47c18b5b41d16625a00ce1b493fc44d7e22658d549ff709d6df297b70)
Package @tinyfox/shapecheck re-publishes the source of the legitimate rulr validation library (repository field still points at git+https://github.com/ryasmi/rulr.git) under a different name, and adds an obfuscated dist/bootstrap.cjs (~282 KB, obfuscator.io-style string-array + RC4-style decoder) that the library's main entry dist/rulr.cjs requires on every load. The exported object() API immediately calls __tb.runPrepare(), so simply require('@tinyfox/shapecheck') and using its documented validation API fires the malicious bootstrap. The bootstrap dynamically imports https, child_process, crypto, fs, os, path, net; HTTPS-downloads files together with <file>.meta hash metadata; AES-256-GCM-decrypts in-package ciphertext with hardcoded base64 key/iv/aad; stages the result in os.tmpdir()/installer-<euid>; and executes the decrypted bytes via process.execPath or sh -c, with redirect handling, 25-minute timeout, retry/backoff, and PID-collision detection. It also implements an argv-hijacking re-spawn: it reads process.argv.slice(2), sets a sentinel env var to prevent recursion, and child_process.spawn(process.execPath, argv, { env, stdio: 'inherit', detached: true }).unref()s the operator's original Node invocation under bootstrap control — wrapping any script the developer runs as a child of the malware. The bootstrap is also directly executable: if (require.main === module) onInstall() triggers the same payload when a developer runs node node_modules/@tinyfox/shapecheck/dist/bootstrap.cjs. There are no preinstall/install/postinstall/prepare lifecycle hooks, so harm fires on require/import of the package or on direct invocation, not on npm install itself.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "dist/bootstrap.cjs",
"sha256": "1b80c5775508dcb5c44ef64f199dfe6823ef26e0b98d73b5ef074aedbe7e056c",
"tlsh": "ffe0dfce38fe68706b18432a66469c8779a028591301a02043c1cbe9274842a57a2caf"
},
{
"path": "package.json",
"sha256": "f295268d6a5b025838170034813270e4123f24129e3600552815a2bd998ff7c1",
"tlsh": "9b215769c8744d631dcc29e56caa0547b660080baa64bd0933c6416c6f4d27f62ff2bd"
}
],
"package_integrity": [
{
"filename": "shapecheck-0.8.5.tgz",
"hashes": {
"sha1": "f331efc313573a063568f3f895dd792c046038cd",
"sha512_sri": "sha512-pSQRP0N3yn0F7ubM8GrNZ3p7uAHNRX0Gnmut+aQ/XSjpmsaBn4Jc9Nx5kMOBodqEwvblWefOXblI9EVReplIFg=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "@tinyfox/shapecheck"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"versions": [
"0.8.5",
"0.8.6",
"0.8.7",
"0.8.8",
"0.7.4"
]
}
],
"credits": [
{
"contact": [
"inspector-research@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
},
{
"contact": [
"https://safedep.io"
],
"name": "SafeDep",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-007318",
"import_time": "2026-06-23T16:54:17.383392376Z",
"modified_time": "2026-06-23T16:23:01Z",
"sha256": "72ee3049c29e3c457454a0dd3b3e188ff8e3aa4e5e2bfa43b31b1251c9b32f21",
"source": "amazon-inspector",
"versions": [
"0.8.5"
]
},
{
"id": "IN-MAL-2026-007311",
"import_time": "2026-06-23T16:54:16.894542986Z",
"modified_time": "2026-06-23T16:22:54Z",
"sha256": "84cc10505ea4a998b453bc9ddb1aa166170515fb5fca398191d687896fd8abc7",
"source": "amazon-inspector",
"versions": [
"0.8.6"
]
},
{
"id": "IN-MAL-2026-007306",
"import_time": "2026-06-23T16:54:16.50770449Z",
"modified_time": "2026-06-23T16:22:49Z",
"sha256": "a833d66c025b4cad42e5b7a2411fbdffb09c41c82d82bc90bae077cdb36e6767",
"source": "amazon-inspector",
"versions": [
"0.8.7"
]
},
{
"id": "IN-MAL-2026-007310",
"import_time": "2026-06-23T16:54:16.842055705Z",
"modified_time": "2026-06-23T16:22:54Z",
"sha256": "ccad6ae47c18b5b41d16625a00ce1b493fc44d7e22658d549ff709d6df297b70",
"source": "amazon-inspector",
"versions": [
"0.8.8"
]
},
{
"id": "IN-MAL-2026-007312",
"import_time": "2026-06-23T16:54:16.947057056Z",
"modified_time": "2026-06-23T16:22:55Z",
"sha256": "db836dd464bb496bf919568c0a9a01d02bea880b6993e0145b53fd889574454e",
"source": "amazon-inspector",
"versions": [
"0.7.4"
]
}
]
},
"details": "@tinyfox/shapecheck (malicious version 0.8.7, published by tinyfox-yjwiqz@wshu.net) is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern \u003cscope\u003e-\u003c6 random chars\u003e@wshu.net, with every scope created on June 4, 2026 in a ~40-minute burst. This package masquerades as a runtime type/shape validator and ships real, working utility code so it passes a glance, while bundling a much larger malicious payload at dist/bootstrap.cjs. package.json declares a postinstall hook (\"node dist/bootstrap.cjs\") that runs the payload automatically on npm install. The payload is heavily obfuscated with javascript-obfuscator (hex-named identifiers, a while (!![]) array-rotation IIFE, base64+RC4 string decoding, control-flow flattening, and runtime-decrypted module resolution to stay out of the static module graph). At runtime it is a Chromium browser credential stealer: it reads Chromium Cookies and Login Data and decrypts saved passwords protected by AES-256-GCM (the v10/v11 app-bound key schemes), then exfiltrates them over HTTPS using a spoofed Mozilla/5.0 user agent. Malicious payload dist/bootstrap.cjs SHA-256: 0d27ca72b6f02faf4db95effb18347a7e2fa2def2034707bf9e56fa217879a3b.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ccad6ae47c18b5b41d16625a00ce1b493fc44d7e22658d549ff709d6df297b70)\nPackage `@tinyfox/shapecheck` re-publishes the source of the legitimate `rulr` validation library (repository field still points at `git+https://github.com/ryasmi/rulr.git`) under a different name, and adds an obfuscated `dist/bootstrap.cjs` (~282 KB, obfuscator.io-style string-array + RC4-style decoder) that the library\u0027s main entry `dist/rulr.cjs` requires on every load. The exported `object()` API immediately calls `__tb.runPrepare()`, so simply `require(\u0027@tinyfox/shapecheck\u0027)` and using its documented validation API fires the malicious bootstrap. The bootstrap dynamically imports `https`, `child_process`, `crypto`, `fs`, `os`, `path`, `net`; HTTPS-downloads files together with `\u003cfile\u003e.meta` hash metadata; AES-256-GCM-decrypts in-package ciphertext with hardcoded base64 key/iv/aad; stages the result in `os.tmpdir()/installer-\u003ceuid\u003e`; and executes the decrypted bytes via `process.execPath` or `sh -c`, with redirect handling, 25-minute timeout, retry/backoff, and PID-collision detection. It also implements an argv-hijacking re-spawn: it reads `process.argv.slice(2)`, sets a sentinel env var to prevent recursion, and `child_process.spawn(process.execPath, argv, { env, stdio: \u0027inherit\u0027, detached: true }).unref()`s the operator\u0027s original Node invocation under bootstrap control \u2014 wrapping any script the developer runs as a child of the malware. The bootstrap is also directly executable: `if (require.main === module) onInstall()` triggers the same payload when a developer runs `node node_modules/@tinyfox/shapecheck/dist/bootstrap.cjs`. There are no `preinstall`/`install`/`postinstall`/`prepare` lifecycle hooks, so harm fires on `require`/`import` of the package or on direct invocation, not on `npm install` itself.\n",
"id": "MAL-2026-6312",
"modified": "2026-06-23T19:34:37Z",
"published": "2026-06-22T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@tinyfox/shapecheck/v/0.8.5"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@tinyfox/shapecheck/v/0.8.6"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@tinyfox/shapecheck/v/0.8.7"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@tinyfox/shapecheck/v/0.8.8"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@tinyfox/shapecheck/v/0.7.4"
},
{
"type": "REPORT",
"url": "https://safedep.io/wshu-net-npm-credential-stealer-campaign/"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/@tinyfox/shapecheck"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in @tinyfox/shapecheck (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.