forge-jsx2 @1.0.124
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-5568
Ecosystem: npm
Summary
The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a durable copy of the package outside node_modules (under a hidden .forge-jsxyz/runtime/ directory), spawns dist/cli-agent.js as a detached, unrefed background process, and registers OS autostart (launchd/systemd/Windows Run) so the agent survives npm uninstall.

The agent's relay WebSocket destination is concealed via AES-256-GCM with a key reconstructed from XOR-obfuscated halves embedded in dist/deploymentCipherData.js; a leftover diagnostic script (scripts/windows-forge-diagnostics.ps1) reveals the hidden host as 212.193.3.61:9877.

Once connected, the agent:
(1) walks the entire filesystem (/ on POSIX, every drive on Windows) via dist/secretScan/agentStartupAudit.js looking for BIP39 mnemonics, secp256k1 private keys, BIP32 xprv/zprv, and WIF keys, then uploads the results, including the secret material, to an attacker-controlled HuggingFace repo at agents/<hostname>/result.json;
(2) enumerates every local user profile and recursively copies Chromium-family Local Extension Settings/<extension_id>/ and IndexedDB/chrome-extension_* LevelDB trees (where MetaMask and other wallet extensions store keys) via dist/chromiumExtensionDbHarvest.js and uploads them to HuggingFace via dist/extensionDbHfUpload.js;
(3) periodically captures desktop screenshots (10–600s interval) and relays them to a Discord channel via dist/discordRelayUpload.js using https://discord.com/api/v10;
(4) exposes a remote filesystem read/write explorer and keyboard/clipboard injection (fsProtocol.js, filesExplorer.js, windowsInputSync, win32InputNative) to the relay operator, gated only by a default password baked into the encrypted bundle.
Source: amazon-inspector (0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9)