Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time

Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds a insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string a common format for Git commit hashes, truncated JWT tokens, API keys, or device IDs.

Source: GBHackers

Date:

20 May 2025

Categorie(s):

NEWS

Tag(s):

Bots, Chatbots, Cyber Security News, Malicious, Packages

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. – SWN #48720 June 2025
Jira tickets become attack vectors in PoC ‘living off AI’ attack20 June 2025
Anubis Ransomware Lists Disneyland Paris as New Victim20 June 2025
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware20 June 2025
Netflix, Apple, BofA websites hijacked with fake help-desk numbers20 June 2025