registry  /  @ibrahim1337/baksen  /  2.1.1

@ibrahim1337/baksen@2.1.1

hadiyapic

AI Security Review

scanned 5d ago · by lpm-firewall-ai

The package is a Windows-only Chromium credential extraction tool shipped as bytecode plus a native addon. It can read/decrypt browser cookies and saved passwords and write them to local output files.

Static reason
One or more suspicious static signals were detected.
Trigger
Running the baksen CLI or requiring index.js with package entry behavior
Impact
Disclosure of browser session cookies and saved passwords from Chrome, Brave, Edge, Opera, and Opera GX
Mechanism
Chromium cookie/password harvesting via Local State keys, SQLite browser databases, debug/process APIs, and native decryption
Attack narrative
On user invocation, cli.js loads index.js, which loads hidden bytenode bytecode. The bytecode locates Chromium-family browsers, kills browser processes, reads Local State and SQLite cookie/password stores, obtains/decrypts master/app-bound keys using the native Windows addon, then writes harvested cookies and passwords to local files. The native addon contains process debugging and Windows crypto APIs used to bypass Chromium protections.
Rationale
Source and string inspection confirms a purpose-built browser credential harvesting capability, not merely benign package functionality. Even without install-time execution or observed exfiltration, extracting cookies and saved passwords is concrete malicious behavior for an npm package firewall.
Evidence
package.jsoncli.jsindex.jsindex.jscsrc/license.jscbuild/Release/debugelevator.nodeLocal StateNetwork/CookiesLogin Data_cookies/*.txt_passwords/*.txt.baksen_cache
Network endpoints1
raw.githubusercontent.com/tabo1337/SaatPCBKod/refs/heads/main/key.txt

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-6575
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @ibrahim1337/baksen (npm)
Details
Package @ibrahim1337/baksen ships a Windows x64 infostealer toolkit that targets Chromium-family browsers (Chrome, Brave, Edge, Opera, Opera GX) on the machine running the CLI. The JS layer enumerates browser profile directories and reads the 'Local State', 'Cookies', and 'Login Data' SQLite databases, executing queries such as `SELECT origin_url, username_value, password_value FROM logins` and `SELECT host_key, name, encrypted_value,... FROM cookies`. It extracts the AES master key and the Chrome v20 `os_crypt.app_bound_encrypted_key` from Local State, then decrypts cookies and saved passwords with AES-256-GCM and writes the plaintext credentials to local `_cookies/` and `_passwords/` directories. A bundled opaque Windows native addon `build/Release/debugelevator.node` (declared in package.json `files`, `os: win32`, `cpu: x64`) performs the App-Bound key elevation — the documented technique used by recent Chromium infostealers to bypass Chrome v20 encryption. Strings inside the bundle include 'DebugElevator - scanning all detected browsers', 'Launching... browser(s) in parallel for App-Bound key', and 'APP-KEY'. A license module fetches an allowlist of valid keys from `https://raw.githubusercontent.com/tabo1337/SaatPCBKod/refs/heads/main/key.txt` (an account unrelated to the publisher) and caches the result at `~/.baksen_cache`, indicating a sold/distributed hacktool model. Package metadata is placeholder ('hadiyapic' description, `github.com/yourusername/baksen` repository URL) with no legitimate provenance. Installing and running this package on a Windows host with any of the listed browsers results in extraction of saved passwords and session cookies — credential theft against the machine running it.

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js loads bytenode bytecode from index.jsc, hiding main logic from normal source review.
  • cli.js labels package as a Chromium Cookie Extractor and immediately requires index.js.
  • index.jsc strings show browser discovery, taskkill, Local State access, Cookies/Login Data SQLite queries, decryptCookie/decryptPassword, and output of cookies/passwords.
  • build/Release/debugelevator.node imports Windows debug/process and crypto APIs: CreateProcessW, WaitForDebugEvent, ReadProcessMemory, CryptUnprotectData, BCryptDecrypt.
  • src/license.jsc contacts a GitHub raw URL for license keys and writes a user-home cache.
Evidence against
  • package.json install script is only an echo and does not run the payload at install time.
  • No evidence of automatic remote exfiltration of harvested cookies/passwords; output appears local files/console.
  • Network endpoint observed is license validation, not credential upload.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 287 B of source

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.install = echo Prebuilt binary installed successfully
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.install = echo Prebuilt binary installed successfully
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
build/Release/debugelevator.nodeView file
path = build/Release/debugelevator.node kind = native_binary sizeBytes = 729088 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

build/Release/debugelevator.nodeView on unpkg
index.jscView file
path = index.jsc kind = node_bytecode sizeBytes = 49808 magicHex = [redacted]
High
Ships Node Bytecode

Package ships compiled Node/V8 bytecode artifacts.

index.jscView on unpkg

Findings

2 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
HighShips Node Bytecodeindex.jsc
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybuild/Release/debugelevator.node
LowNon Install Lifecycle Scripts
LowScripts Present