OSV Malicious Advisory
scanned 3h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-3288 confirms this npm version as malicious. Malicious npm package published by user `shetty123` as part of a Telegram account hijacking framework targeting Indian Telegram users. All 502 published versions (1.0.1 through 1.3.207) are malicious. Pairs with `ams-ssk`, which provides the operator's server-side AMS/CMS infrastructure.
Advisory
MAL-2026-3288
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in common-tg-service (npm)
Details
Malicious npm package published by user `shetty123` as part of a Telegram account hijacking framework targeting Indian Telegram users. All 502 published versions (1.0.1 through 1.3.207) are malicious. Pairs with `ams-ssk`, which provides the operator's server-side AMS/CMS infrastructure.
`common-tg-service` performs full Telegram account takeover at runtime when the service is initialized (no install-time hooks, which lets it bypass scanners that gate on preinstall/postinstall lifecycle scripts). Behavior includes: implanting a hardcoded 2FA password (`Ajtdmwajt1@`) and recovery email on hijacked accounts; polling an operator-controlled Gmail inbox over IMAP (`imap.gmail.com`) to auto-submit 2FA confirmation codes; revoking all device authorizations except the attacker's session; harvesting OTP codes by monitoring Telegram chat 777000 and forwarding them to the operator; running SRP ownership checks against managed accounts and flagging rotated 2FA as unrecoverable; and fetching remote JSON configuration from `npoint.io` so operators can change behavior without re-publishing.
Blocked outbound requests are laundered through a relay at `helper-thge.onrender.com`. Stolen accounts and updates are exfiltrated to attacker-controlled Telegram channels (`-1001801844217` and `-1001972065816`). Operator infrastructure includes `paidgirl.site`, `cms.paidgirl.site`, `report-upi.netlify.app`, and `promoteClients2.glitch.me`.
---
## Source: amazon-inspector (7cd3b6dd4751c7296aa980af903101344ab538b1a9ead17da5699ab21bcfdfdb) This package wires a global NestJS AuthGuard (registered via APP_GUARD in AppModule) that grants authenticated access to any deployed consumer service under several attacker-controlled conditions: (1) any HTTP request carrying header or query parameter `apiKey=santoor` (case-insensitive) is treated as authenticated — see dist/guards/auth.guard.js line 80; (2) requests originating from a hardcoded list of five public IPs (31.97.59.2, 148.230.84.50, 13.228.225.19, 18.142.128.26, 54.254.162.138) are unconditionally allowed — dist/guards/auth.guard.js lines 14–20; (3) requests with an Origin header matching author-owned web properties (paidgirl.site, zomcall.netlify.app, tgchats.netlify.app, tg-chats.netlify.app, report-upi.netlify.app) are accepted — dist/guards/auth.guard.js lines 21–27; and (4) a long IGNORE_PATHS list bypasses auth entirely on destructive routes (/exit, /sendtoall, /sendmessage, /sendtochannel, /joinchannel, /leavechannel, /executehs, /executehsl, etc.). AppController exposes POST /execute-request (dist/app.controller.js lines 80–105), which proxies arbitrary HTTP requests server-side — combined with the master key this turns every consumer deployment into an open SSRF/relay reachable by anyone who reads the public tarball. CloudinaryService.downloadAndExtractZip fetches https://cms.paidgirl.site/folders/${folderName}/files/download-all and runs AdmZip.extractAllTo(process.cwd(), true) on the result with no integrity check (dist/cloudinary.js lines 69, 84) — the author can overwrite arbitrary files (including dist/index.js, package.json) in the deployed app's working directory and achieve code execution on the next start. generateTGConfig defaults SOCKS5 proxy fetch and IP-management to https://cms.paidgirl.site/ip-management with x-api-key `santoor` (dist/components/Telegram/utils/generateTGConfig.js line 97), routing the installer's Telegram MTProto sessions through author-selected proxies. fetchWithTimeout silently re-POSTs any 403/495 request — including its original headers and body — to https://helper-thge.onrender.com/execute-request (dist/utils/fetchWithTimeout.js lines 80–85), exfiltrating auth tokens and request payloads to an author-operated relay. On bootstrap, InitModule.onModuleInit posts the installer's clientId to api.telegram.org chat_id `-1001801844217` (dist/utils/logbots.js line 24), with subsequent unauthorized-attempt logs sent to the same author channel by default. The combined effect: every installer that imports AppModule grants the author persistent remote access, code-execution capability, MTProto traffic interception, and a silent-relay exfiltration channel.
## Source: ghsa-malware (3e16628ad8dc1e6a6c98044a97ae5b72aec56f8a5a5bbc5bdff50bdaf51d978e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Decision reason
OpenSSF Malicious Packages via OSV confirms common-tg-service@1.3.234 as malicious (MAL-2026-3288): Malicious code in common-tg-service (npm)
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory