added malicious package forge-jsxy

osv/malicious/npm/forge-jsxy/MAL-0000-forge-jsxy.json

@@ -0,0 +1,35 @@
+{
+  "modified": "2026-05-06T00:00:00Z",
+  "published": "2026-05-06T00:00:00Z",
+  "schema_version": "1.5.0",
+  "details": "forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description ('Node.js integration layer for Autodesk Forge') to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deployed from its first published version.\n\nInstalling the package on any non-CI machine triggers a multi-stage postinstall chain (postinstall-clipboard-event.mjs, postinstall-bootstrap.mjs, postinstall-agent.mjs) that silently deploys a persistent background agent. The agent captures all keystrokes via native hooks (uiohook-napi), monitors clipboard contents, recursively scans the filesystem for .env files and shell history, steals HuggingFace credentials, and opens a WebSocket-based remote filesystem backdoor for full file browsing and exfiltration. Screenshots are captured and exfiltrated via Discord webhooks. The C2 relay URL is AES-256-GCM encrypted inside the package bundle to hide it from static analysis. Persistence is established across reboots via systemd (Linux), LaunchAgent (macOS), and Task Scheduler (Windows). CI environments (GitHub Actions, GitLab CI, Travis, CircleCI, Jenkins, TeamCity) are detected and skipped to avoid sandbox exposure.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "forge-jsxy"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            { "introduced": "0" }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "REPORT",
+      "url": "https://safedep.io/malicious-forge-jsx-npm-rat/"
+    }
+  ],
+  "credits": [
+    {
+      "name": "SafeDep",
+      "type": "FINDER",
+      "contact": ["https://safedep.io"]
+    }
+  ]
+}