⛔ Malware Advisory Detected 2026-07-01 · UTC
Confirmed malicious. codelake independently detected this at 2026-07-01 · UTC — First-catch: codelake detected and classified logger-daemon-regex from the live npm feed with NO prior public advisory — at the time of writing it is not present in OSV or GHSA. codelake is the source of record. The package was already unpublished from npm on 2026-07-01, hours after publication — the codelake archive preserves the artifact.. Not yet in any public advisory database at detection time — codelake is the source of record.
Advisory · CLR-2026-2994

A crypto-wallet & secret stealer disguised as an Autodesk Forge integration

The npm package [email protected] advertised itself as a "Node.js integration layer for Autodesk Forge" — forge-* command names, a plausible description. In reality it is a full-spectrum information stealer and remote-control agent: it installs a background daemon on npm install, hunts crypto wallets, seed phrases and secret files across the machine, keylogs and screenshots, and exfiltrates the loot through Hugging Face Hub uploads and Discord webhooks. codelake caught it in the live window before it was pulled from npm.

CriticalConfirmed maliciousWallet / secret stealerRemote-control agentFirst-catch · not in OSV
Summary

The npm package logger-daemon-regex (version 1.0.124, 334 files) impersonated an "Autodesk Forge" integration layer — every bin is named forge-* and the description reads "Node.js integration layer for Autodesk Forge." That framing is cover. The package is a modular infostealer plus remote-access agent.

On npm install, a postinstall hook chains five scripts (postinstall-clipboard-eventensure-distpostinstall-durable-materializepostinstall-bootstrappostinstall-agent), standing up a persistent background agent (via pm2 / an autostart CLI) before the package is ever imported.

The agent then does what its own module and test names describe plainly: scans the filesystem for a curated list of secret and wallet files, harvests browser-extension databases, captures keyboard input and the clipboard, takes periodic screenshots, and exposes a remote file explorer / control channel. The stolen data is archived and uploaded to a Hugging Face Hub repository (using an hf_ token) and posted to Discord webhooks. codelake detected it from the live feed; it was not present in any public advisory database and was unpublished from npm hours after release.

What it hunts — a crypto-drainer’s target list

The package ships a secret_filename_patterns.json manifest — the harvester’s explicit target list, and effectively a confession of intent. It is tuned for cryptocurrency theft:

· Wallets & keys: wallet.dat, *.wallet, wallet.json, main-wallet.json, new_keypair.json, keypair.json, private_key.json, secret.key, *.pk / *.p8 / *.p12 / *.pfx / *.jks / *.keystore.

· Seed phrases: *.mnemonic, *.seed, *.phrase, plus UTC--* (the Ethereum keystore filename format) and id.json (the Solana CLI keypair).

· Chain directories: .solana, .ethereum, .bitcoin, .web3, .keystore, .config/solana; and dev configs hardhat.config.js, truffle-config.js, config_sniper.json.

· General secrets: .env*, secrets.json, config.json, keys.txt, priv.txt, and wildcards *private*, *secret*, *keypair*, *keystore*. Directories like .git and node_modules are explicitly excluded to keep the scan fast and quiet.

How codelake detected it

1 · Continuous ingestion. The package was pulled from the npm feed and archived shortly after publication — the reason we still hold the artifact even though it was unpublished hours later.

2 · Behavioural + surface analysis. An install lifecycle hook chaining an agent bootstrap, combined with a wallet.dat / sensitive-path target manifest and crypto-seed dependencies (@scure/bip39, tweetnacl), flagged it as a stealer rather than the "Forge integration" it claimed to be.

3 · Capability + exfil-channel extraction. A structural pass identified the exfiltration surfaces — Hugging Face Hub uploads (@huggingface/hub, an hf_ token, a streaming uploader) and Discord webhooks — and the input-capture / remote-control modules, without executing any code.

4 · OSV cross-check. OSV returned nothing, confirming this as a novel first-catch; codelake is the source of record.

Indicators of Compromise
HOOKpostinstall → postinstall-clipboard-event · ensure-dist · durable-materialize · bootstrap · agent (stands up a persistent daemon)
EXFILHugging Face Hub upload via an hf_ token (@huggingface/hub streaming uploader) — data dead-drop
EXFILDiscord webhooks (discord.com/api/webhooks/…) — screenshots + harvested-data channel
TARGETsecret_filename_patterns.json — hunts wallet.dat, UTC--*, id.json, *.seed/*.mnemonic/*.phrase, keypair.json across .solana/.ethereum/.bitcoin/.web3/.keystore
CAPkeylogger + clipboard (windowsInputSync / inputContext), periodic screenshots (jimp), remote file explorer + control (relayServer / relayAgent / fsProtocol), browser-extension DB harvest
DEPsignature deps: @scure/bip39 · tweetnacl · @huggingface/hub · archiver · jimp · ws
PKG[email protected] (npm) — impersonates a "Node.js integration layer for Autodesk Forge"; unpublished 2026-07-01
SHA0932508b3e22e3b7a907dbfa606a3d8ff3fc00e24c51b1c2fe070d492c543a92 · logger-daemon-regex-1.0.124.tgz
Remediation & hardening
#ActionPriority
01 Assume total compromise if installed. Any machine that ran npm install with this package present must be treated as compromised — crypto wallets, seed phrases, keystores and secrets in the target list should be considered stolen. Immediate
02 Move funds and rotate everything from a clean device. Migrate any crypto assets to freshly generated wallets/seed phrases from a known-clean machine; rotate all API keys, tokens and keystores. Immediate
03 Kill the agent and its persistence. Remove the package, terminate the pm2 / autostart daemon and any forge-* processes, and check for a lingering local relay on 127.0.0.1:8765 / :9877. Immediate
04 Neutralise install hooks. Install with lifecycle scripts disabled (--ignore-scripts) where feasible, and pin/lock dependencies — treat postinstall as an execution boundary. High

Detected and classified by codelake Research · continuous npm ingestion · behavioural + surface analysis · capability and exfil-channel extraction · OSV cross-check. Absent from public advisory databases at the time of writing — a codelake first-catch, preserved in the archive after the package was unpublished from npm.

No working payload or reproduction is published here — the technique is described from structural analysis. The original artifact is preserved in the codelake archive and available to verified security researchers on request.