registry  /  nottuff25  /  2.0.0

nottuff25@2.0.0

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Opening the package's HTML entrypoint loads an unrelated third-party script from `c.vipersfutbol.com`. That script can execute arbitrary JavaScript in the browser page context and can change without a package republish.

Static reason
One or more suspicious static signals were detected.
Trigger
User opens or serves `index.html` in a browser.
Impact
Remote code may access page-origin data and browser capabilities available to the application.
Mechanism
Runtime third-party remote script execution in a browser application.
Rationale
This is a concrete remote-code execution surface at application runtime, but source inspection does not establish an install-time attack, credential theft, or destructive payload. It warrants a warning rather than a publish block.
Evidence
index.htmlpackage.jsonj6k3y8.jsbfjdx/757lr8.jsct1tl/jmqwjq.jsassets/ChatPage-zoA8Z6RX.jsassets/proxy-runtime-1NyFshf9.js
Network endpoints2
c.vipersfutbol.com/script.jswww.googletagmanager.com/gtag/js?id=G-0VL3ZSBXDH

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-5916
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in nottuff25 (npm)
Details
The tarball is not a Node library. `package.json` declares `main: sw.js` with description `"package"` and an empty author; `sw.js` is a browser ServiceWorker (`importScripts('./8cfc2/hgshm.js')`, `self.skipWaiting()`, `self.clients`, fetch interception) that has no meaning when consumed via `require('nottuff25')` in Node. The shipped static site bundles the Mercury Workshop Scramjet web proxy plus bare-mux, branded as "Riverbend Tutoring" while pointing `og:url` at `21baseballacademy.com` — a misrepresentation of what the npm name advertises. The tarball also ships `auto-publish.sh`, a bash script with a hardcoded list of 95+ sibling package names (nottuff1-30, ishowfeet1-20, imillegal1-5, abuden*, ratelimitsucks*) that rewrites `package.json` and runs `npm publish --silent` in a loop — the attacker's own mass-publication pipeline shipped inside the artifact, with the current package name `nottuff25` appearing as a literal entry in that list. `index.html` additionally registers click/keydown/touchstart listeners that open `https://abdct.com/` as a popunder on first interaction (browser-side adware, not installer-side). No install/require-time exfil, RCE, or credential theft is present, but this is a coordinated namespace-pollution campaign and the package misrepresents itself to npm consumers. ## Source: ghsa-malware (6c7010a4f5b3f1f79e55f7e70ae98a97a6143d00550102f17f8f516ec6861cdb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for block
  • `index.html` loads `https://c.vipersfutbol.com/script.js` directly.
  • `index.html` executes local `bfjdx/757lr8.js` before the app bundle.
  • `j6k3y8.js` installs a service-worker lifecycle handler and imports `ct1tl/jmqwjq.js`.
  • Large application bundles are deliberately obfuscated, preventing transparent review of their fetch and credential flows.
Evidence against
  • `package.json` declares no `preinstall`, `install`, `postinstall`, or other lifecycle script.
  • No `bin` entry or Node.js executable entrypoint is declared.
  • The manifest's `main` is `index.html`, so activation requires opening or serving the browser app.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 24 file(s), 7.27 MB of source, external domains: 127.0.0.1, aomediacodec.github.io, cdn.jsdelivr.net, cloud-api.livekit.io, curl.se, emscripten.org, fingerprint.com, github.com, m1.openfpcdn.io, react.dev, sj-cache.invalid, twemoji.maxcdn.com, www.w3.org, www.zlib.net

Source & flagged code

7 flagged · loading source
assets/proxy-runtime-1NyFshf9.jsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = var OQ=O...B+=`
Critical
Critical Secret

Package contains a critical-looking secret pattern.

assets/proxy-runtime-1NyFshf9.jsView on unpkg · L1
1patternName = aws_access_key severity = critical line = 1 matchedText = var OQ=O...B+=`
Critical
Secret Pattern

AWS access key ID in assets/proxy-runtime-1NyFshf9.js

assets/proxy-runtime-1NyFshf9.jsView on unpkg · L1
bfjdx/757lr8.jsView file
17L18: //# sourceURL=${A}`)();n=c,o=l}else n=g.z$,o=g.Mt;r.construct&&(l.construct=function(e,t,i){let n,s=!1,a={fn:e,this:null,args:t,newTarget:i,return:e=>{s=!0,n=e},call:()=>(s=!0,n=o(... L19: //# sourceURL=${r.url.href}`),n}return o.body;case"style":return(0,i.sM)(await o.text(),e.context,r.meta);case"sharedworker":case"worker":return(0,i.iP)(new Uint8Array(await o.arra...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bfjdx/757lr8.jsView on unpkg · L17
assets/ChatPage-zoA8Z6RX.jsView file
1(function(_0x31bba3,_0x379132){const _0x159e7b={_0x26fc34:0x358,_0x56fc24:0x70c,_0x216b69:0x578,_0x22d6fc:0x60b,_0x33af41:0x2a6,_0x514b56:0x7f9,_0x4ccc4c:0x9d1,_0x35dd24:0xfdf,_0x1...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

assets/ChatPage-zoA8Z6RX.jsView on unpkg · L1
bfjdx/w7m632.wasmView file
path = bfjdx/w7m632.wasm kind = wasm_module sizeBytes = 586279 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

bfjdx/w7m632.wasmView on unpkg
assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
assets/livekit-C0E_jLSz.jsView file
13patternName = generic_password severity = medium line = 13 matchedText = `},e.par...+`\r
Medium
Secret Pattern

Hardcoded password in assets/livekit-C0E_jLSz.js

assets/livekit-C0E_jLSz.jsView on unpkg · L13

Findings

2 Critical3 High6 Medium4 Low
CriticalCritical Secretassets/proxy-runtime-1NyFshf9.js
CriticalSecret Patternassets/proxy-runtime-1NyFshf9.js
HighObfuscated Payload Loaderassets/ChatPage-zoA8Z6RX.js
HighObfuscated
HighShips High Entropy Blobassets/KaTeX_Script-Regular-D3wIWfF6.woff2
MediumDynamic Requirebfjdx/757lr8.js
MediumNetwork
MediumProtestware
MediumShips Wasm Modulebfjdx/w7m632.wasm
MediumStructural Risk Force Deep Review
MediumSecret Patternassets/livekit-C0E_jLSz.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License