Tan Stack Scanner



If you've heard of the Shai-Hulud exploit, you know how serious this is. Another supply chain attack has hit, and this one is rough. Once it infects a system, this malware targets Claude and VS Code to burrow in, so even if you remove it, it stays resident. The worm initially went after npm modules; it was later found to spread to Python modules on PyPI as well.

I made an open-source scanner that detects traces of this worm so you can easily remove it from your system.

https://github.com/officiallymarky/tanstackscanner

What it checks

  • Known IOC filenames:
    • router_init.js
    • router_runtime.js
    • tanstack_runner.js
    • gh-token-monitor.sh
    • setup.mjs
  • Known malicious SHA-256 hash:
    • ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
  • Suspicious dependency strings in manifests and lockfiles:
    • @tanstack/setup
    • github:tanstack/router
    • 79ac49eedf774dd4b0cfa308722bc463cfe5885c
  • User-level persistence artifacts for gh-token-monitor
  • Running processes matching known IOC names
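
The file-based checks from the list above (IOC filenames, the SHA-256 hash, and dependency strings), written as an added example; this is not the code from the linked repository. The set of manifest file names and the file size limit are assumptions; the IOC values are copied from the list.

```python
import hashlib
import os

# IOC values copied from the list above.
IOC_FILENAMES = {"router_init.js", "router_runtime.js", "tanstack_runner.js",
                 "gh-token-monitor.sh", "setup.mjs"}
IOC_SHA256 = {"ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c"}
IOC_STRINGS = ("@tanstack/setup", "github:tanstack/router",
               "79ac49eedf774dd4b0cfa308722bc463cfe5885c")
# Assumption: which file names count as "manifests and lockfiles".
MANIFESTS = {"package.json", "package-lock.json", "yarn.lock", "pnpm-lock.yaml"}
MAX_BYTES = 20 * 1024 * 1024  # assumption: skip files larger than 20 MiB


def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Return sorted (kind, path, detail) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                    continue
                if name in IOC_FILENAMES:
                    findings.append(("filename", path, name))
                digest = sha256_of(path)
                if digest in IOC_SHA256:
                    findings.append(("sha256", path, digest))
                if name in MANIFESTS:
                    with open(path, encoding="utf-8", errors="replace") as f:
                        text = f.read()
                    for s in IOC_STRINGS:
                        if s in text:
                            findings.append(("dependency", path, s))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(findings)
```

A filename match on its own is only a lead, since names such as setup.mjs can occur in unrelated projects; a hash or dependency-string match is the stronger signal.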

This attack was initially discovered through this GitHub comment.


https://github.com/TanStack/router/issues/7383#issuecomment-4425225340

These attacks are becoming more and more common with AI being available to everyone and the flood of vibe-coded apps. While there is no way to fully protect against these attacks, you can minimize your exposure by using tools like safe-npm to only install packages that are at least 90 days old. This typically gives enough time for compromised packages to be discovered, but it isn't 100% foolproof.
