npm

hehehee @1.0.9

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10462

Ecosystem

npm

Summary

Package metadata and README advertise a 'Windows diagnostic utility' / 'high-performance DOM utility', but the actual code (main.js) is a stealth Electron overlay designed to defeat Safe Exam Browser and similar proctoring tools. config.json ships a real-looking __Secure-next-auth.session-token JWE for chatgpt.com; main.js loads it at startup and injects it into a persist:chatgpt Electron session before navigating to chatgpt.com, so every screenshot/UIA-extracted text the tool sends through ChatGPT goes through a hardcoded account that the package author (or whoever harvested the cookie) controls and can read in conversation history. The bin (bin/kalamasha-tool.js) copies the bundled electron.exe to a sibling named SearchFilterHost.exe (the real Windows Search Filter Host system binary) inside node_modules/electron/dist and spawns it as a detached watchdog with randomised 1–25s respawn jitter, persisting under %LOCALAPPDATA%\Microsoft\Windows\Diagnostics (a path mimicking a Microsoft-owned directory) and only stopping when a .kill_watchdog file appears. The CLI also auto-runs npm install <missing> --no-save at runtime for missing native modules without user consent. The combination of fraudulent package description, process-name masquerade as a Windows system binary, persistence with anti-kill respawn, anti-proctor stealth (WDA_EXCLUDEFROMCAPTURE, anti-Alt-Tab styling, cross-desktop migration), and a hardcoded ChatGPT session that silently relays user screen content to a third-party account constitutes a clear supply-chain harm to anyone following the README's quick-start instructions.

Source: amazon-inspector (efc5c7d437f7024811aab8bf68e70fb18366e843a3ee3048dc3dfe628bde5628)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.