MAL-2026-5568

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/forge-jsx2/MAL-2026-5568.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5568
Published
2026-06-11T04:47:43Z
Modified
2026-06-11T05:46:31.302627609Z
Summary
Malicious code in forge-jsx2 (npm)
Details

Source: amazon-inspector (0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9)

The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a durable copy of the package outside node_modules (under a hidden .forge-jsxyz/runtime/ directory), spawns dist/cli-agent.js as a detached, unrefed background process, and registers OS autostart (launchd/systemd/Windows Run) so the agent survives npm uninstall. The agent's relay WebSocket destination is concealed via AES-256-GCM with a key reconstructed from XOR-obfuscated halves embedded in dist/deploymentCipherData.js; a leftover diagnostic script (scripts/windows-forge-diagnostics.ps1) reveals the hidden host as 212.193.3.61:9877.

Once connected, the agent:

(1) walks the entire filesystem (/ on POSIX, every drive on Windows) via dist/secretScan/agentStartupAudit.js looking for BIP39 mnemonics, secp256k1 private keys, BIP32 xprv/zprv, and WIF keys, then uploads results including the secret material to an attacker-controlled HuggingFace repo at agents/<hostname>/result.json;

(2) enumerates every local user profile and recursively copies Chromium-family Local Extension Settings/<extension_id>/ and IndexedDB/chrome-extension_* LevelDB trees (where MetaMask and other wallet extensions store keys) via dist/chromiumExtensionDbHarvest.js and uploads them to HuggingFace via dist/extensionDbHfUpload.js;

(3) periodically captures desktop screenshots (10–600s interval) and relays them to a Discord channel via dist/discordRelayUpload.js using https://discord.com/api/v10;

(4) exposes a remote filesystem read/write explorer and keyboard/clipboard injection (fsProtocol.js, filesExplorer.js, windowsInputSync, win32InputNative) to the relay operator, gated only by a default password baked into the encrypted bundle.

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-005473",
            "import_time": "2026-06-11T05:40:58.344847274Z",
            "sha256": "0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9",
            "source": "amazon-inspector",
            "modified_time": "2026-06-11T04:47:43Z",
            "versions": [
                "1.0.124"
            ]
        },
        {
            "id": "IN-MAL-2026-005474",
            "import_time": "2026-06-11T05:40:58.4447694Z",
            "sha256": "1ceb3d1b945579feb78a08be2871161319044d516dd9b9b1d2531e385ca8fcc1",
            "source": "amazon-inspector",
            "modified_time": "2026-06-11T04:47:44Z",
            "versions": [
                "1.0.124"
            ]
        }
    ]
}

Affected packages

Package: npm / forge-jsx2
Affected ranges: 1.*
Affected versions: 1.0.124

Database specific

indicators
{
    "evidence_files": [
        {
            "path": "scripts/postinstall-agent.mjs",
            "sha256": "a63a74d770ba38c5f2e38876c8a7a9ef360d66ff1e3aea67a92aae8d33c90153",
            "tlsh": "3a92e88ce6e71a7606a1e79d7a1f150267a0d1070648e4b4f0dd82987f2d13983f7ebe"
        },
        {
            "path": "dist/deploymentDefaults.js",
            "sha256": "cbf70b0d8654138a0b4dfcb152824c85fecab500e1a5fade53c2049da4c0dc48",
            "tlsh": "e1f16549b8e7b0100663b5f8861bc8973bdcad07260ed444b35e93956f1f831a3b76e6"
        },
        {
            "path": "dist/secretScan/agentStartupAudit.js",
            "sha256": "3d1b15092ac59aad412ae63159ee0042fdd4415ebab9ee08027590229be5d0e4",
            "tlsh": "68e2fa9a69f32432826371be5a4f5005f660b4272248e8e47a5cc299ff454b8d3f7fd8"
        },
        {
            "path": "dist/chromiumExtensionDbHarvest.js",
            "sha256": "703c60a1ce46e4bd020b5b9f0bd0230eeda36bb1c6a7f63022c074976c2e9831",
            "tlsh": "9fd2635f94eb212b9233e298db4b4044767da0433444ec6c7b9cc3585f6e56ca3f8aad"
        },
        {
            "path": "dist/discordAgentScreenshot.d.ts",
            "sha256": "68ea96976027b5143fc60bd70f789b6bd77459d3ae8e2ae36d4fbed4090e50a3",
            "tlsh": "2e2111d3630669375ad0eb1bfe49c1462b240613011f7cf5709521ec0f2d55da351d8e"
        },
        {
            "path": "dist/agentRunner.js",
            "sha256": "2d3fd936ba4eeaef8a3100585a3d21db17f69352faa1a878cad100a5d7c10dfd",
            "tlsh": "d762834e26e7517246a3e27cdf1ba402633485073189ec94beacc384af5a52503e5ffe"
        },
        {
            "path": "package.json",
            "sha256": "f4a1965a659f392f1eedf415127a9333fa2b4a99d73614fea4a474a32675cd60",
            "tlsh": "7f818c9ccc2b8df315e50f9a28608140b931c18f4c48b69a77af967c8f6d16f007ba1d"
        }
    ],
    "package_integrity": [
        {
            "filename": "forge-jsx2-1.0.124.tgz",
            "hashes": {
                "sha512_sri": "sha512-l+X/vPnhhBaRKmvg8DaZAEziDMsQz1U9IaSvbHRwTDHChoRIXaiGNpjvV+rk+uWZTWQrOEKleoqdZLTRAGbQdA==",
                "sha1": "4dcd171c2973467f7868f26d229152ff0f1b00d6"
            }
        }
    ],
    "domains": [
        "34.6.16.104.in-addr.arpa",
        "34.3.16.104.in-addr.arpa"
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/forge-jsx2/MAL-2026-5568.json"
cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]