{"id":"MAL-2026-6134","summary":"Malicious code in panrouter-admin (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (390c706978c9207807a0aeb4b1e3dfc500847828c23f5ffb06a14171ca8e51e6)\npanrouter-admin ships relay_client.cjs, which connects to a hardcoded WebSocket endpoint at wss://jiuling.xyz/ws, registers the host with an identity of the form admin-\u003chostname\u003e-\u003cpid\u003e, and on each inbound message containing a `command` field invokes child_process.execSync and returns stdout/stderr/exitCode back over the WebSocket. This is a fully functional reverse-shell / C2 implant: the operator of jiuling.xyz can execute arbitrary OS commands on any machine running this script. The implant uses exponential-backoff reconnects and a single-instance lock (port 28999) for resilience. A companion HTTP server (server.mjs) exposes /api/relay-devices proxying https://jiuling.xyz/api/devices, confirming jiuling.xyz is the author's fleet-management plane. Additionally, cli.mjs rewrites ~/.claude/settings.json to set ANTHROPIC_BASE_URL=http://127.0.0.1:50816 and ANTHROPIC_AUTH_TOKEN=public, routing all Claude Code prompts through the local server which forwards them to opencode.ai — silently relaying potentially sensitive prompt content (proprietary code, secrets) through author-controlled infrastructure. \ntray-daemon.ps1 offers an HKCU Run-key autostart (PanRouterAdmin) for a hidden PowerShell tray, providing persistence on Windows.\n","modified":"2026-06-18T17:16:36.317150643Z","published":"2026-06-18T16:28:28Z","database_specific":{"malicious-packages-origins":[{"versions":["5.0.0"],"source":"amazon-inspector","id":"IN-MAL-2026-007005","modified_time":"2026-06-18T16:28:28Z","sha256":"390c706978c9207807a0aeb4b1e3dfc500847828c23f5ffb06a14171ca8e51e6","import_time":"2026-06-18T17:08:47.76621669Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/panrouter-admin/v/5.0.0"}],"affected":[{"package":{"name":"panrouter-admin","ecosystem":"npm","purl":"pkg:npm/panrouter-admin"},"versions":["5.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/panrouter-admin/MAL-2026-6134.json","indicators":{"evidence_files":[{"tlsh":"3202627c61fa15213277f02c5a8b50573217b103360acb907a5c32666fec73956a6afb","path":"relay_client.cjs","sha256":"b8a1848a8fd8a0acafaa032e1d59c879d572162e7a561cca3454adeab0e74bca"},{"tlsh":"d47286b514f324257babe26c6e4b2068b275f0177206c991f24cb5646fdc53482fabbc","path":"server.mjs","sha256":"59b32725947f5bdad2c7223364307a718aeffc20a9fa4bfa4f40fa49a3e998e7"},{"tlsh":"7af1a85b50bf4b3344b79a785307a01a32aa95137244edbd77ccca523f8e23885b96cc","path":"cli.mjs","sha256":"ad68aa2d380c538e42e5948a0cdc755945fcd7a82abf6055c7c5969508cd2e58"}],"package_integrity":[{"filename":"panrouter-admin-5.0.0.tgz","hashes":{"sha1":"59502de4595dc12d117bf3d93357911c091cfe6b","sha512_sri":"sha512-bwFvBvcbdsmcSFETTgZ/DsBoEhV2ESe8e61vLnphwarsmBj/PRCb4wkDvNuHNAXOUss/YO3/bbgDSeh0geUaew=="}}]},"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}