Summary
Hardcoded proxy settings ('iLoveJavaScript', port 0) suggest malicious intent, potentially leading to MitM attacks. Package is classified as malware.
Details
The package contains hardcoded proxy settings with the hostname 'iLoveJavaScript' and port 0 in multiple files (connect.js, state_machine.js). This is highly suspicious and indicative of malicious intent, potentially designed to misconfigure proxy connections or redirect traffic through an unintended server, leading to a Man-in-the-Middle attack.
Evidences
| File | Title | Confidence | |
|---|---|---|---|
package/lib/cmap/connect.js | Suspicious SOCKS5 Proxy Configuration | Medium | |
package/lib/client-side-encryption/state_machine.js | Suspicious Hostname in Proxy Configuration | Medium |
Analysis performed at Analysis by