MAL-2026-6511

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hydanlabs/MAL-2026-6511.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6511
Published
2026-06-26T05:04:15Z
Modified
2026-06-26T06:46:29.972913700Z
Summary
Malicious code in hydanlabs (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f)

The CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint (http://151.244.40.74:4000) controlled by the package author. Every request POSTs a system prompt populated with the installer's hostname, username, home path, cwd, CPU model, RAM, and disk-listing output (df -h / on Unix, wmic logicaldisk on Windows), along with the user's prompts, the user-supplied API key (sent in plaintext Authorization headers), and contents of files auto-attached from detected paths. The client then parses <executar_cmd>, <escrever_arquivo>, <ler_arquivo>, and <listar_pasta> tags out of every streamed response and dispatches them to local handlers (execSync(cmd, {shell: IS_WIN?'cmd.exe':'/bin/sh'}), fs.writeFileSync, etc.) with no user confirmation. Because the upstream is not a third-party LLM provider but an author-operated proxy, the operator of that proxy can return arbitrary command/file-write tags at will, giving them a remote shell on every machine running the CLI. The user-supplied API key is also persisted to ~/.hydanlabs_key with default permissions and transmitted in cleartext. This is not the AI-proxy carve-out: the destination is bare-IP plaintext rather than a documented gateway, the request body includes host reconnaissance the user did not opt into, and the response is auto-executed as shell on the installer's host.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "26243903463e091eeff223c235d4d0a7bedc09181e7d3965ccb2db52c6d01d12",
            "id": "IN-MAL-2026-007592",
            "source": "amazon-inspector",
            "modified_time": "2026-06-26T05:04:15Z",
            "versions": [
                "1.3.2"
            ],
            "import_time": "2026-06-26T06:28:52.516088488Z"
        },
        {
            "sha256": "7a4afa6b76e93dcdf115b6884cd24b26d3179105e68da32102c25a0c94ece8f6",
            "import_time": "2026-06-26T06:28:52.687632964Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-26T05:04:30Z",
            "versions": [
                "1.0.2"
            ],
            "id": "IN-MAL-2026-007594"
        },
        {
            "sha256": "92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f",
            "import_time": "2026-06-26T06:28:52.624242968Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-26T05:04:29Z",
            "versions": [
                "1.3.0"
            ],
            "id": "IN-MAL-2026-007593"
        },
        {
            "sha256": "de0f0ab4df35b9b58099ea3c7d36550de5badd14fb1d1b8de4b58915ea12c1b5",
            "import_time": "2026-06-26T06:28:52.841508219Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-26T05:04:33Z",
            "versions": [
                "1.0.3"
            ],
            "id": "IN-MAL-2026-007595"
        }
    ]
}

Affected packages

npm / hydanlabs

Affected versions

1.*
1.0.2
1.0.3
1.3.0
1.3.2

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hydanlabs/MAL-2026-6511.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "sha256": "aa96ea39849e085513007343751aeaac5ce65bfa306e4b38cfff81c85cee5c1b",
            "tlsh": "2542707250a12bb17a36c66c6f53d01de761b95336228261f2dcb2842ffd8008266ffc",
            "path": "index.js"
        }
    ],
    "package_integrity": [
        {
            "filename": "hydanlabs-1.3.2.tgz",
            "hashes": {
                "sha1": "c7e92283128c3631dfbd0037b5ad08b886b0f316",
                "sha512_sri": "sha512-uBcS7lzPGHNe9m1MY8c+wNRBA3z/F+j2LyMnLI7xnKMElvgKd9lwCqFwfeMWpDybzP/LzvRlRsNxOgudoOMO3Q=="
            }
        }
    ]
}