Add OSV reports for forge-jsx RAT campaign Wave 4 (npm: zredis-typed, pinokio-redis)#1349
Merged
Merged
Conversation
zredis-typed v1.0.127 and pinokio-redis v1.0.127, published by npm account 'donimique' (donimiqueakers@gmail.com), are part of the multi-wave forge-jsx cross-platform RAT campaign. Both ship a postinstall agent that installs OS persistence under a hidden .forge-jsxy directory and connects to C2 212.193.3.61 (ports 9877/8765) to perform crypto-wallet/secret theft, Chromium extension DB harvesting, and Hugging Face / Discord exfiltration. This wave uses rotated AES key material shared byte-identically across the donimique account's packages. The sibling packages zod-pino434 and zod-pino444 are already in OSV (MAL-2026-6794 / MAL-2026-6795, Amazon Inspector). Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
elitsa-gosst
approved these changes
Jul 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reports 2 malicious npm packages —
zredis-typedv1.0.127 andpinokio-redisv1.0.127 — published by npm accountdonimique(donimiqueakers@gmail.com). Both are part of the multi-wave forge-jsx cross-platform RAT campaign (Wave 4), disguised as Autodesk Forge SDK packages.The sibling Wave 4 packages
zod-pino434(MAL-2026-6794) andzod-pino444(MAL-2026-6795) are already in OSV via Amazon Inspector, so they are intentionally not duplicated here.Behavior
Both packages carry an identical
postinstallagent chain that runs at install time:dist/cli-agent.jsas a detached, window-hidden process.212.193.3.61(relay:9877, HTTP API:8765, default passwordsecret), whose config is an AES-256-GCM blob decrypted at runtime via an XOR-reconstructed key.forge-js-worker) under a hidden.forge-jsxydurable directory that survives npm uninstall.hf_token) and Discord channels.Campaign linkage
This is the first wave to ship rotated AES key material (
DEPLOYMENT_KEY_A/KEY_B/MASK_A/MASK_B, hex12335cede9edad1edbce89fd3ef0836c8edd3778e48f3f38f2330198ec8b1eb0), byte-identical across the fourdonimique-account packages — a single shared build. C2212.193.3.61(AS206216, Advin Services LLC, Nürnberg DE) is reused from the Wave 3pino-zod/zod-pinorotation. Durable fingerprints independent of package name: the hardcoded.forge-jsxydirectory, thedist/deploymentCipherData.js+dist/deploymentDefaults.jsXOR-key routine, and a bundledREADME.mdliterally titled# forge-jsx.zredis-typedpinokio-redisIOCs
212.193.3.61(ports 9877, 8765)zredis-typedv1.0.127 — SHA-256a1853a45bcb561f96e0e7c0dec7f96e640ae53be62e65158880812ff104c9e41pinokio-redisv1.0.127 — SHA-256a400b0342add77fd3a58e086334b35e11d79e234b180bb360f48adcd61ec4acdFull campaign analysis: https://safedep.io/malicious-forge-jsxy-npm-rat-evolution/