AI Security Review
scanned 12h ago · by lpm-firewall-aiBrowser execution of `px.js` immediately injects a fullscreen remote iframe. The embedded host can alter the delivered content without a package update.
Static reason
No blocking static signals were detected.
Trigger
Importing or including `px.js` in a browser page.
Impact
Hijacks the host page and exposes users to remotely controlled content.
Mechanism
Fullscreen page takeover via remote iframe injection.
Attack narrative
The package's main file executes on load, overlays the entire browser viewport, and embeds content from an external domain. The publisher helper supports rapidly replacing that domain and publishing/cache-purging updates, consistent with maintaining a remotely controlled redirect payload.
Rationale
This is concrete browser page hijacking and remote payload delivery, not an inert helper or benign dependency behavior.
Evidence
package.jsonpx.jsupdate_px8my.sh
Network endpoints2
mfmz.piolzo.cn/H.html?c=0gjrpurge.jsdelivr.net/npm/px8my/px.js
OSV Corroboration
OpenSSF/OSVAdvisory
MAL-2026-10104
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in px8my (npm)
Details
The package's main entry (px.js) is a browser-only script that creates a full-viewport iframe pointing at the hardcoded external URL https://mfmz.ywdyxn.cn/H.html?c=0gjr and appends it to document.body, hijacking any web page that loads this script via a CDN such as jsDelivr. The package ships no legitimate library API and would throw if require()'d in Node. The tarball also includes update_px8my.sh, an operator/rotation script that regex-replaces the redirect domain inside px.js, auto-bumps the patch version, runs npm publish, and then hits https://purge.jsdelivr.net/npm/px8my/px.js to force-refresh the CDN cache; a comment in that script notes that curl is blocked by the npm anti-abuse tool tirith. The combination — a hardcoded redirect payload plus a shipped domain-rotation/CDN-purge automation with an explicit anti-abuse-evasion note — establishes the package as a purpose-built malicious distribution vehicle abusing npm and jsDelivr to deliver browser redirects to end users of any site including this script.
## Source: ghsa-malware (78ae5dc7b5995ac8381a5716c7733e93d7de2c6500063fba58c05085cd03999d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Decision evidence
public snapshotAI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- `px.js` runs immediately in a browser context and replaces the page with a fullscreen iframe.
- `px.js` loads `https://mfmz.piolzo.cn/H.html?c=0gjr`, giving a remote host control of displayed content.
- `px.js` uses a loading mask and highest z-index to conceal the host page.
- `update_px8my.sh` rotates the embedded domain, publishes a new package version, and purges the CDN cache.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- No credential harvesting, local file access, or child-process execution appears in the inspected runtime source.
Behavioral surface
HighEntropyStringsMinifiedTrivial
Source & flagged code
1 flagged · loading sourceupdate_px8my.shView file
•path = update_px8my.sh
kind = build_helper
sizeBytes = 1400
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
update_px8my.shView on unpkgFindings
1 Medium2 Low
MediumShips Build Helperupdate_px8my.sh
LowScripts Present
LowHigh Entropy Strings