From 62a24de0f0c333b2f11f535f56ecfdda59432fab Mon Sep 17 00:00:00 2001
From: Kunal Singh
Date: Wed, 6 May 2026 15:24:26 +0530
Subject: [PATCH 1/2] added malicious package forge-jsxy
Signed-off-by: Kunal Singh
---
 .../npm/forge-jsxy/MAL-0000-forge-jsxy.json | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json
diff --git a/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json b/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json
new file mode 100644
index 00000000000..8e302e2de90
--- /dev/null
+++ b/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json
@@ -0,0 +1,36 @@
+{
+ "modified": "2026-05-06T00:00:00Z",
+ "published": "2026-05-06T00:00:00Z",
+ "schema_version": "1.5.0",
+ "details": "forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description ('Node.js integration layer for Autodesk Forge') to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deployed from its first published version.\n\nInstalling the package on any non-CI machine triggers a multi-stage postinstall chain (postinstall-clipboard-event.mjs, postinstall-bootstrap.mjs, postinstall-agent.mjs) that silently deploys a persistent background agent. The agent captures all keystrokes via native hooks (uiohook-napi), monitors clipboard contents, recursively scans the filesystem for .env files and shell history, steals HuggingFace credentials, and opens a WebSocket-based remote filesystem backdoor for full file browsing and exfiltration. Screenshots are captured and exfiltrated via Discord webhooks. The C2 relay URL is AES-256-GCM encrypted inside the package bundle to hide it from static analysis. Persistence is established across reboots via systemd (Linux), LaunchAgent (macOS), and Task Scheduler (Windows). CI environments (GitHub Actions, GitLab CI, Travis, CircleCI, Jenkins, TeamCity) are detected and skipped to avoid sandbox exposure.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "forge-jsxy"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ { "introduced": "0" }
+ ]
+ }
+ ],
+ "versions": ["1.0.74"]
+ }
+ ],
+ "references": [
+ {
+ "type": "REPORT",
+ "url": "https://safedep.io/malicious-forge-jsx-npm-rat/"
+ }
+ ],
+ "credits": [
+ {
+ "name": "SafeDep",
+ "type": "FINDER",
+ "contact": ["https://safedep.io"]
+ }
+ ]
+}
From 31f002d89dd3aa585506813dffe164fc006a1f5d Mon Sep 17 00:00:00 2001
From: Kunal Singh
Date: Wed, 6 May 2026 15:28:00 +0530
Subject: [PATCH 2/2] update report
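Review bot: The only entry in `references` is a SafeDep report whose URL slug names forge-jsx, while `details` attributes the whole behaviour set (postinstall chain, keylogging, clipboard and credential theft, persistence) to forge-jsxy. From the record alone a consumer cannot tell whether that analysis was done on this package or carried over from the sibling. If the report does not name forge-jsxy, state in `details` which behaviours were confirmed in this package, and link the sibling advisory through OSV's `related` field, e.g. `"related": ["<MAL-id-of-forge-jsx-record>"]` (placeholder; the id is not on this page). The persistence mechanisms are also listed without artefact names, so adding whatever the report gives for the systemd unit, LaunchAgent label and scheduled-task name would let responders check hosts directly from the advisory.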
Signed-off-by: Kunal Singh
---
 osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json b/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json
index 8e302e2de90..ed280de6df6 100644
--- a/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json
+++ b/osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json
@@ -16,8 +16,7 @@
 { "introduced": "0" }
 ]
 }
- ],
- "versions": ["1.0.74"]
+ ]
 }
 ],
 "references": [