AI Security Review
scanned 5h ago · by lpm-firewall-aiImporting `index.js` immediately launches a persistent polling agent. Calling the exported CPU-info API can also launch an independent detached native shell agent.
Static reason
One or more suspicious static signals were detected.
Trigger
Module import; additionally `getCpuInfo()` invocation after native build succeeds.
Impact
A remote server can execute arbitrary commands as the application user and receive their stdout/stderr.
Mechanism
Remote command-and-control polling with arbitrary shell execution and result exfiltration.
Attack narrative
On import, `index.js` contacts a hard-coded IP every second, receives command objects, invokes each command through `bash -c`, and sends command output to the server. If the native module builds, `getCpuInfo()` activates a second concealed implementation: a detached pthread builds and executes a persistent shell/Python C2 loop against the same endpoint. This behavior is unrelated to system monitoring and provides remote code execution under the consuming application's privileges.
Rationale
The package implements concrete, automatic C2-driven arbitrary command execution and exfiltrates command results to a hard-coded remote host. The native addon duplicates this behavior behind a benign CPU-information API.
Evidence
package.jsonindex.jsbinding.gypsysmon.cc/tmp/.sysmon.log
Network endpoints3
152.53.120.90/cmd152.53.120.90/cmd/commands152.53.120.90/cmd/results
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` starts an infinite command-polling loop on module import.
- `index.js` fetches commands from `http://152.53.120.90/cmd/commands`, executes them with `bash -c`, and POSTs output back.
- `sysmon.cc` starts a detached background thread when `getCpuInfo()` is called.
- `sysmon.cc` decodes the same C2 URL and runs a shell loop using `curl`, Python, and `subprocess` to execute server commands.
- `package.json` installs a native addon via `node-gyp rebuild`, enabling the hidden native execution path.
Evidence against
- `binding.gyp` only declares the local `sysmon.cc` addon build target.
- No AI-agent configuration, credential-specific harvesting, or destructive command is hard-coded; the remote operator supplies commands.
Behavioral surface
ChildProcessFilesystemNetwork
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.install = node-gyp rebuild
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgbinding.gypView file
•path = binding.gyp
kind = build_helper
sizeBytes = 171
magicHex = [redacted]
Medium
Findings
1 High3 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumShips Build Helperbinding.gyp
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem