mal-2026-6189
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (743696e9409c97e89816b050f0346b86446464fdbaeead6ae49ddabf50a082ba)
On require/run, eyee auto-executes main() (package.json sets main=cdp_inject.js and the bottom of the file invokes main() unless --stop/--detach is passed). main() spawns a detached testpad.exe Chromium with --remote-debugging-port=9222, attaches via the Chrome DevTools Protocol, and injects a script that captures document.body.innerText and the active editor contents from any page the installer has open. Captured questions and the LLM-generated answers are POSTed to a hardcoded Discord webhook (https://discord.com/api/webhooks/1512503888811659355/...) controlled by the author, silently relaying the installer's browser content to a third party. The same scraped content is sent to api.groq.com under one of six hardcoded gsk_... Groq API keys bundled in cdp_inject.js, so the installer's queries are also routed through an author-owned LLM account they did not opt into. Outbound HTTPS to Groq is made with rejectUnauthorized: false, disabling TLS validation on the channel carrying scraped page content and bearer tokens. Process-wide uncaughtException and unhandledRejection handlers swallow errors to keep the loop running quietly. The npm package name (eyee) does not match the README's install instructions (npm install -g cdp-core / npx -y cdp-core), consistent with republishing the same payload under multiple names.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "cdp_inject.js",
"sha256": "e47745fe5437cd2e687dfd49cf62a3e0f4b36697192639e90d679d98f50e929d",
"tlsh": "ccb2b50a14f7113456a7b0bd0e4ba6867235d0533219eea47e8c93582fc99bc81f7bce"
},
{
"path": "package.json",
"sha256": "f2610ba05ac36da39300e0e7d96c8e05de9c53cb33e25b0f446169a40c0fb9e0",
"tlsh": "d9f0be14cd22dca312ec69e508ac0883bb205d030548fc0c328aa51c5b5d3e700be9ae"
}
],
"package_integrity": [
{
"filename": "eyee-1.0.0.tgz",
"hashes": {
"sha1": "b8f5adf656353ff654c9a023db01004d4804805b",
"sha512_sri": "sha512-lQCBg69RahCqM4UjtSt5FFDXgWI2NI9/eYsKVm4Z8rdlI2OzO+a6rq20RkrWpc15A/IdpIpRIOJyd+K9IZfDzg=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "eyee"
},
"versions": [
"1.0.0"
]
}
],
"credits": [
{
"contact": [
"inspector-research@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-007048",
"import_time": "2026-06-19T05:16:48.943158867Z",
"modified_time": "2026-06-19T04:51:48Z",
"sha256": "743696e9409c97e89816b050f0346b86446464fdbaeead6ae49ddabf50a082ba",
"source": "amazon-inspector",
"versions": [
"1.0.0"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (743696e9409c97e89816b050f0346b86446464fdbaeead6ae49ddabf50a082ba)\nOn require/run, eyee auto-executes main() (package.json sets main=cdp_inject.js and the bottom of the file invokes main() unless --stop/--detach is passed). main() spawns a detached `testpad.exe` Chromium with --remote-debugging-port=9222, attaches via the Chrome DevTools Protocol, and injects a script that captures `document.body.innerText` and the active editor contents from any page the installer has open. Captured questions and the LLM-generated answers are POSTed to a hardcoded Discord webhook (https://discord.com/api/webhooks/1512503888811659355/...) controlled by the author, silently relaying the installer\u0027s browser content to a third party. The same scraped content is sent to api.groq.com under one of six hardcoded `gsk_...` Groq API keys bundled in cdp_inject.js, so the installer\u0027s queries are also routed through an author-owned LLM account they did not opt into. Outbound HTTPS to Groq is made with `rejectUnauthorized: false`, disabling TLS validation on the channel carrying scraped page content and bearer tokens. Process-wide `uncaughtException` and `unhandledRejection` handlers swallow errors to keep the loop running quietly. The npm package name (`eyee`) does not match the README\u0027s install instructions (`npm install -g cdp-core` / `npx -y cdp-core`), consistent with republishing the same payload under multiple names.\n",
"id": "MAL-2026-6189",
"modified": "2026-06-19T04:51:48Z",
"published": "2026-06-19T04:51:48Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/eyee/v/1.0.0"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in eyee (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.