THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · maintainer compromise · osv

Malicious code in utils-mf (npm)

utils-mf

Risk score

92

AI summary

Indexed incident for utils-mf (npm).

Description


Per-source details

Source: amazon-inspector (6d338ea2a5c454a5a0352e6fb29bd940027bc4b8c349649f6356c4fc4f396272)

Package metadata advertises 'utility mf' with main 'index.js', but the shipped main is a 15.7 MB obfuscator.io-style blob preceded by ~8 MB of invisible-Unicode whitespace padding designed to conceal its contents. On require(), the module performs several unsafe and attacker-beneficial actions:

  1. Hidden WhatsApp bot payload: index.js dynamically imports @whiskeysockets/baileys, calls useMultiFileAuthState('sessions/dev'), opens a WhatsApp socket via makeWASocket(...), prompts on stdin for a pairing-code phone number, and writes credential state to ./sessions/. None of this is gated behind an exported function — it fires when the module is loaded.

  2. Auto-exfiltration of accumulated chat/session state: an AutoBackup routine on a 30-second setInterval PUTs the local database.json (containing chats, contacts, sessions, and env-derived state) to https://api.github.com/repos/<owner>/<repo>/contents/database.json and the analogous GitLab API, using a token and repo path read from package-operator settings. The destination repo and credential are not the library consumer's — they are configured in the package's payload, so any consumer running this code uploads their accumulated state to the package operator's repository on a timer.

  3. Runtime self-updater / silent-mutation primitive: on load, the module fetches https://registry.npmjs.org/utils-mf/latest, compares versions, downloads the latest tarball to ./tmp/upgrade.tgz, and extracts it over node_modules/utils-mf/ using tar -xzf (or Expand-Archive on Windows), then reloads. Already-installed copies will silently pull and execute any future published version, including a compromised one — the package mutates itself at runtime regardless of the consumer's lockfile.

  4. Privileged system mutation at import: the top-level code shells out via exec to apt-get install -y ffmpeg imagemagick git tar zip unzip when those binaries are missing, runs recurring exec('rm -rf /tmp/*') and exec('netstat -an') on intervals, and writes to ./tmp/ and ./sessions/ in the consumer's CWD.

The combination of deceptive packaging (utility name, opaque blob), import-time exfiltration of local data to attacker-configured repos, an in-band self-update channel that bypasses normal dependency pinning, and unsanctioned privileged shell execution constitutes an active supply-chain attack against any installer who consumes this package as a 'utility'.

Source: ghsa-malware (7921878ab64996afca0b68ed8fed4ce0afccbe200740eb27504225e2d0fea9c2)

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Technical details

Affected versions


Indicators

  • alias: GHSA-4c54-hwv9-c5xm (90%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents