MAL-2026-10134: Malicious code in stella-coder (npm)
The stella-coder npm package versions 4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.1.2 contain malicious code that hardcodes a Telegram bot API token controlled by the package author. When users invoke the /tg CLI command, the package starts a Telegram bot on the user's machine that executes shell commands based on messages received via Telegram, allowing remote command execution. The author can observe all bot traffic, including an admin authorization code, enabling unauthorized remote control. The package also sends the hostname and username of the infected machine to the attacker. The malicious functionality activates when the CLI is run or the module is imported and the /tg command is used. No official patch or remediation guidance is provided.
AI Analysis
Technical Summary
The stella-coder npm package contains a backdoor implemented via a hardcoded Telegram bot API token. This token allows the package author to control a Telegram bot running on the installer's machine. When the user runs the /tg CLI command, the bot receives messages from the attacker and executes them as shell commands through a node subprocess. The attacker can intercept and replay an admin authorization code to gain command execution on any machine running the package with the /tg feature enabled. Additionally, the package leaks system information (hostname and username) to the attacker. The malicious code is triggered by running the CLI or importing the module and invoking /tg. A hardcoded universal activation key bypasses payment requirements for the remote control feature. The affected versions are explicitly 4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.1.2. No patch or fix is currently documented.
Potential Impact
This malicious package enables remote code execution on the installer's machine via a Telegram bot controlled by the package author. The attacker can execute arbitrary shell commands, potentially compromising the entire system. Sensitive information such as hostname and username is exfiltrated to the attacker. The presence of a universal activation key allows the attacker to activate the backdoor without payment. This represents a severe compromise of confidentiality, integrity, and availability for users who run the /tg command or import the module and invoke this functionality.
Mitigation Recommendations
No official patch or remediation guidance is currently available. Users should immediately discontinue use of the affected stella-coder versions (4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2) and remove the package from their environments. Avoid running the /tg CLI command or importing the module in a way that triggers this functionality. Monitor for any updates from the package author or npm registry for potential fixes or removal of the malicious code. Consider using trusted alternatives and verifying package integrity before installation.
MAL-2026-10134: Malicious code in stella-coder (npm)
Description
The stella-coder npm package versions 4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.1.2 contain malicious code that hardcodes a Telegram bot API token controlled by the package author. When users invoke the /tg CLI command, the package starts a Telegram bot on the user's machine that executes shell commands based on messages received via Telegram, allowing remote command execution. The author can observe all bot traffic, including an admin authorization code, enabling unauthorized remote control. The package also sends the hostname and username of the infected machine to the attacker. The malicious functionality activates when the CLI is run or the module is imported and the /tg command is used. No official patch or remediation guidance is provided.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The stella-coder npm package contains a backdoor implemented via a hardcoded Telegram bot API token. This token allows the package author to control a Telegram bot running on the installer's machine. When the user runs the /tg CLI command, the bot receives messages from the attacker and executes them as shell commands through a node subprocess. The attacker can intercept and replay an admin authorization code to gain command execution on any machine running the package with the /tg feature enabled. Additionally, the package leaks system information (hostname and username) to the attacker. The malicious code is triggered by running the CLI or importing the module and invoking /tg. A hardcoded universal activation key bypasses payment requirements for the remote control feature. The affected versions are explicitly 4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.1.2. No patch or fix is currently documented.
Potential Impact
This malicious package enables remote code execution on the installer's machine via a Telegram bot controlled by the package author. The attacker can execute arbitrary shell commands, potentially compromising the entire system. Sensitive information such as hostname and username is exfiltrated to the attacker. The presence of a universal activation key allows the attacker to activate the backdoor without payment. This represents a severe compromise of confidentiality, integrity, and availability for users who run the /tg command or import the module and invoke this functionality.
Mitigation Recommendations
No official patch or remediation guidance is currently available. Users should immediately discontinue use of the affected stella-coder versions (4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2) and remove the package from their environments. Avoid running the /tg CLI command or importing the module in a way that triggers this functionality. Monitor for any updates from the package author or npm registry for potential fixes or removal of the malicious code. Consider using trusted alternatives and verifying package integrity before installation.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10134
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a520edf68715ace439174cf
Added to database: 07/11/2026, 09:37:35 UTC
Last enriched: 07/11/2026, 10:05:19 UTC
Last updated: 07/11/2026, 10:05:19 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.