MAL-2026-10402

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@gleamkit/ws/MAL-2026-10402.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10402
Published
2026-07-13T06:00:14Z
Modified
2026-07-13T07:47:05.666711313Z
Summary
Malicious code in @gleamkit/ws (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (8fc9213fe9e786988b3fd882b571f03aeaa1487b8006badb837b4e804da66eee)

The package publishes under scope @gleamkit/ws while copying the ws package's description, homepage, repository, author, and README verbatim, and bundling the legitimate ws source so it appears functional. Appended to lib/websocket.js after the copied WebSocket implementation is a heavily obfuscated payload (base64+RC4 string decoder over a ~700-entry rotated string array, hex-named identifiers, duplicated as two sequential IIFEs) that reconstructs hostnames, paths, environment keys, and spawn arguments at runtime. On every load — index.js (main) and wrapper.mjs both pull in ./lib/websocket — the payload issues an HTTPS request to fetch an external binary, AES-256-GCM decrypts it, writes it under os.tmpdir(), chmods it to 0o755, and spawns it as a detached, unref()ed child process with windowsHide:true, then calls process.exit. A marker env variable gate (process.env[d]!== e) is used to avoid re-entry. Because require/import is the trigger, any project that installs and loads @gleamkit/ws executes attacker-controlled bytes fetched from a remote host at load time.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "8fc9213fe9e786988b3fd882b571f03aeaa1487b8006badb837b4e804da66eee",
            "id": "IN-MAL-2026-009803",
            "import_time": "2026-07-13T07:40:09.832859247Z",
            "versions": [
                "8.21.3"
            ],
            "modified_time": "2026-07-13T06:00:14Z",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / @gleamkit/ws

Package

Affected ranges

Affected versions

8.*
8.21.3

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "09d32b857efa31bf51a260b3121b6186f12d8c5ab308c458f41dddecbf9523cd2a669c",
            "sha256": "5a2e9dd3a8ebd3962d2b0b7d8d8624b6c6edc9501897006cd1d586ce8e4c916a",
            "path": "lib/websocket.js"
        },
        {
            "sha256": "75d1cef9ab9f098c7c02d5f29ef180982409a87033e6705ca31b0876ced4978b",
            "tlsh": "1b31dc76cc790ee30ee529a978a441927232485b5984bc0c7bd7431c8f4eaaf11fea5d",
            "path": "package.json"
        }
    ],
    "package_integrity": [
        {
            "filename": "ws-8.21.3.tgz",
            "hashes": {
                "sha512_sri": "sha512-QYg4t0jQnnfF94HhUWGXuQ6ri94fwMLaNk0t5rijOdRmJOclSHS7cYJwlQbYVGs94AXZkDi/Ug0WfuX8NyNSEQ==",
                "sha1": "4a0eb94017102e96ab7631acc994457d77a76b05"
            }
        }
    ]
}
cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@gleamkit/ws/MAL-2026-10402.json"