MAL-2026-6086

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ai-chat-helper/MAL-2026-6086.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6086
Published
2026-06-17T22:09:22Z
Modified
2026-06-17T22:46:51.443858227Z
Summary
Malicious code in ai-chat-helper (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (39a12d35a8713a8f63eaf342901214a7f53fa396b9ee8218d246e5e0db7b6318)

collect.js performs system reconnaissance and exfiltration to a hardcoded attacker-controlled host. The script imports child_process, os, fs, http, and https; reads os.hostname(), os.homedir(), and inspects local filesystem paths via fs.existsSync; and POSTs the collected data to http://aab.sportsontheweb.net (line 13/line 366). The destination is an unrelated third-party domain over cleartext HTTP, with no relationship to any documented chat-helper functionality. This is the canonical credential/host-info beacon shape: child_process for command execution, os for host identity, fs for local file enumeration, and a hardcoded HTTP POST to an attacker domain.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "2a7654ff516176e3c9277ea8711149b1d55851165aa430307db43ebfdb578a3f",
            "source": "amazon-inspector",
            "modified_time": "2026-06-17T22:09:22Z",
            "versions": [
                "1.0.9"
            ],
            "id": "IN-MAL-2026-006951",
            "import_time": "2026-06-17T22:38:21.793824762Z"
        },
        {
            "sha256": "39a12d35a8713a8f63eaf342901214a7f53fa396b9ee8218d246e5e0db7b6318",
            "source": "amazon-inspector",
            "modified_time": "2026-06-17T22:09:24Z",
            "versions": [
                "1.0.2"
            ],
            "id": "IN-MAL-2026-006952",
            "import_time": "2026-06-17T22:38:21.903457499Z"
        },
        {
            "sha256": "6da659c2083db3bfaa683c19c572521b78359bbfb266ed9259192e19fe47e02f",
            "source": "amazon-inspector",
            "modified_time": "2026-06-17T22:09:25Z",
            "versions": [
                "1.0.1"
            ],
            "id": "IN-MAL-2026-006953",
            "import_time": "2026-06-17T22:38:22.021780306Z"
        }
    ]
}
References
Credits

Affected packages

npm / ai-chat-helper

Package

Affected ranges

Affected versions

1.*
1.0.1
1.0.2
1.0.9

Database specific

cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ai-chat-helper/MAL-2026-6086.json"
indicators
{
    "evidence_files": [
        {
            "sha256": "57adc4f1f15fdf470534e2b357c51a4c6b50bd6c281237638be2ff781a429fb8",
            "tlsh": "cea21e5b14cb351ac747e70ad7670014ad88abb3b113bb41bb8c9bd41f2ad2663d09f9",
            "path": "collect.js"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-KKWn6u7Tk1+JYbbRrrWvq1/5EhVpVCQAwQmfVkFBjo6JmA/qtWBVtEiuIf7o4VLeY73Nf7BCx3sYZmdy532qfg==",
                "sha1": "b4ab333a396a8353916de838dc91378db25d274a"
            },
            "filename": "ai-chat-helper-1.0.9.tgz"
        }
    ]
}