etherproxy-lite @0.6.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-4552
Ecosystem: npm
Summary
The bundled dist/index.js reads process.env values and posts data to https://api.telegram.org via a hardcoded fetch call (line 97), with additional POST/fetch primitives at lines 63, 69, and 98. The Telegram bot API endpoint pattern (api.telegram.org/bot<token>/sendMessage) is a well-documented exfiltration channel used to deliver harvested credentials and host data to an attacker-controlled bot, leveraging Telegram's TLS infrastructure to defeat domain blocking. Combined with the require("fs") + require("http") + process.env reads in the same module, the package's behavior is environment harvesting and outbound exfiltration on use. Installing or loading this package routes installer-side environment variables to an attacker-controlled Telegram bot.
Source: amazon-inspector (5756836b470f645f316696cbaedb1aedc21cde7fc921714bfbf70f2d528ad5b4)