MAL-2026-6134

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/panrouter-admin/MAL-2026-6134.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6134
Published
2026-06-18T16:28:28Z
Modified
2026-06-18T17:16:46.360470253Z
Summary
Malicious code in panrouter-admin (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (390c706978c9207807a0aeb4b1e3dfc500847828c23f5ffb06a14171ca8e51e6)

panrouter-admin ships relay_client.cjs, which connects to a hardcoded WebSocket endpoint at wss://jiuling.xyz/ws, registers the host under an identity of the form admin-<hostname>-<pid>, and, for each inbound message carrying a command field, runs that command with child_process.execSync and sends stdout, stderr and the exit code back over the WebSocket. This is a fully functional reverse shell / C2 implant: whoever operates jiuling.xyz can execute arbitrary OS commands on any machine running the script. The implant reconnects with exponential backoff and takes a single-instance lock on local port 28999 for resilience. A companion HTTP server (server.mjs) exposes /api/relay-devices, which proxies https://jiuling.xyz/api/devices, confirming that jiuling.xyz is the author's fleet-management plane.

cli.mjs additionally rewrites ~/.claude/settings.json to set ANTHROPIC_BASE_URL=http://127.0.0.1:50816 and ANTHROPIC_AUTH_TOKEN=public, so every Claude Code request is routed through the local server, which forwards it to opencode.ai; prompt content (proprietary code, secrets) is thereby relayed silently through author-controlled infrastructure. tray-daemon.ps1 registers an HKCU Run-key autostart named PanRouterAdmin for a hidden PowerShell tray process, giving the package persistence on Windows.

Because the implant accepts arbitrary commands, any host that installed version 5.0.0 should be treated as compromised: remove the package, restore ~/.claude/settings.json, delete the PanRouterAdmin Run key, and rotate any credentials the host or its Claude Code sessions could have exposed.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "390c706978c9207807a0aeb4b1e3dfc500847828c23f5ffb06a14171ca8e51e6",
            "source": "amazon-inspector",
            "modified_time": "2026-06-18T16:28:28Z",
            "versions": [
                "5.0.0"
            ],
            "id": "IN-MAL-2026-007005",
            "import_time": "2026-06-18T17:08:47.76621669Z"
        }
    ]
}
References
Credits

Affected packages

Package: npm / panrouter-admin

Affected ranges: 5.*

Affected versions: 5.0.0

Database specific

cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/panrouter-admin/MAL-2026-6134.json"
indicators
{
    "evidence_files": [
        {
            "sha256": "b8a1848a8fd8a0acafaa032e1d59c879d572162e7a561cca3454adeab0e74bca",
            "tlsh": "3202627c61fa15213277f02c5a8b50573217b103360acb907a5c32666fec73956a6afb",
            "path": "relay_client.cjs"
        },
        {
            "sha256": "59b32725947f5bdad2c7223364307a718aeffc20a9fa4bfa4f40fa49a3e998e7",
            "tlsh": "d47286b514f324257babe26c6e4b2068b275f0177206c991f24cb5646fdc53482fabbc",
            "path": "server.mjs"
        },
        {
            "sha256": "ad68aa2d380c538e42e5948a0cdc755945fcd7a82abf6055c7c5969508cd2e58",
            "tlsh": "7af1a85b50bf4b3344b79a785307a01a32aa95137244edbd77ccca523f8e23885b96cc",
            "path": "cli.mjs"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-bwFvBvcbdsmcSFETTgZ/DsBoEhV2ESe8e61vLnphwarsmBj/PRCb4wkDvNuHNAXOUss/YO3/bbgDSeh0geUaew==",
                "sha1": "59502de4595dc12d117bf3d93357911c091cfe6b"
            },
            "filename": "panrouter-admin-5.0.0.tgz"
        }
    ]
}