MAL-2026-10745

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/phantomx-tool-client/MAL-2026-10745.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10745
Published
2026-07-16T18:45:27Z
Modified
2026-07-16T19:19:38.013624317Z
Summary
Malicious code in phantomx-tool-client (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b5e528800706b219f69d8bc87eb77203c752c8b4720e8c0b8fc04cad6df8ce1d)

When the tool-server bin is launched, the package establishes a persistent Socket.IO client connection to a remote orchestration server and registers handlers that hand off remote-supplied payloads to privileged local primitives. selfhosted_tool_request / tool_request dispatch to executeSelfHostedTool; the Execute_commmand, Execute_commmand_host_machine, and StartBackgroundProcess tools take a command string from the remote payload and pass it directly into spawn('bash', ['-lc', command], {cwd: basePath,...}), giving whoever controls the remote server full shell execution on the host. remote_edit_request applies arbitrary file edits via editTool.applyFinalEdit(data.edits) where each edit.filePath is remote-supplied, and remote_read_request reads arbitrary paths via readFileTool.readFile({absolutePath: data.options.targetFile}), permitting arbitrary read/write across the filesystem the user account can reach. The GitHub operations handler (dist/githubOperationsHanlder.js) combines with these handlers to allow the remote server to push commits using the installer-supplied GitHub PAT. Once the CLI is running, control of the configured Socket.IO server is equivalent to interactive host access.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-07-16T18:54:03.902862796Z",
            "sha256": "b5e528800706b219f69d8bc87eb77203c752c8b4720e8c0b8fc04cad6df8ce1d",
            "modified_time": "2026-07-16T18:45:27Z",
            "versions": [
                "1.0.8"
            ],
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010772"
        }
    ]
}
References
Credits

Affected packages

npm / phantomx-tool-client

Package

Name
phantomx-tool-client
View open source insights on deps.dev
Purl
pkg:npm/phantomx-tool-client

Affected ranges

Affected versions

1.*
1.0.8

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "phantomx-tool-client-1.0.8.tgz",
            "hashes": {
                "sha1": "78066e37f808a7dc547294b172140cd758118462",
                "sha512_sri": "sha512-FCkhu7MZrTSF1fs83O84yof0xNKOWhYw5vyPPCn7D+V31fVxil9jmPCqi2jSkcXXWwKbJ3gPDGBsrYHuuTFuIg=="
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "75b244958aff057123a2a07a7a170021eb2e902325889972bb7cf6145fcd55947f3ff2",
            "sha256": "e27eaa111cbbd73a2b7ca565996b7ec1d17dce89b884ddfa65c2370893b16b28",
            "path": "dist/toolExecutionService.js"
        },
        {
            "tlsh": "8e320f7baab616327677d05c8b0b5126332af0833618d831779cb3987fcd06456b2af5",
            "sha256": "307771ebd7b7726edc2a08df65e370c2a786552dcbdafa165aaa72595406786c",
            "path": "dist/tool-server.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/phantomx-tool-client/MAL-2026-10745.json"