Malicious package: idlidosa (npm)

Malicious code in idlidosa (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4581
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall idlidosa

What this malware does

The package is purpose-built tooling to defeat exam-proctoring / lockdown software, with multiple installer-machine integrity harms triggered when the user runs the documented idlidosa start command:

  1. Binary masquerade as Microsoft software: dist/cli/index.js (~line 290) copies the bundled electron.exe to msedgewebview2.exe and uses bundled rcedit to overwrite its Windows version resources to claim CompanyName=Microsoft Corporation and ProductName=Microsoft Edge WebView2 Runtime. The guard process additionally sets process.title = "Windows Audio Device Graph Isolation". An administrator auditing the host sees what appears to be a Microsoft component but is an unsigned Electron app under this package's control.

  2. Persistence as fake Edge updater: installResurrector (~line 330) registers a Windows Scheduled Task named MicrosoftEdgeWebView2Update that runs every 1 minute via schtasks /create... /sc MINUTE /mo 1 /f, re-spawning a launcher written to %APPDATA%/Idlidosa/resurrect.js. The task name impersonates a legitimate Microsoft Edge update job.

  3. Anti-detection watchdog: cli/guard.cjs carries self-incriminating comments stating the 1500ms restart delay is fast enough to beat TestPad's 30s scan and that it runs as node.exe (which lockdown software rarely kills).

  4. Process-wide TLS validation disabled: dist/shared/index.js (~line 187) sets process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0" at module load, disabling TLS certificate validation for every HTTPS call made by the host Node process for the lifetime of that process — not just calls made by this package. Subsequent traffic (including screenshots of the user's screen and bundled API keys) is sent over un-validated TLS and is exposed to MITM on the installer's network.

  5. Bundled decryptable Groq API key pool: shared/keys.json ships nine AES-256-GCM-encrypted Groq API keys whose decryption key is sha256("pageai-pool-v2") (literal byte array in shared/crypto.ts), so any installer can decrypt them. These are the author's own keys (author self-harm), but they are used as the default channel for sending the user's screen captures over the TLS-disabled connection.

The combination of Microsoft-impersonation on disk, Microsoft-impersonation as a scheduled task, watchdog comments documenting evasion intent, and global TLS weakening constitutes deliberate harm to the integrity of any host this is installed and run on.

Malicious versions

5 flagged: 1.0.0, 1.0.1, 1.0.2, 1.0.4, 1.0.7

Indicators of compromise (SHA-256)

93244f4468caec1832fe03d87c7403d7ab1dac835f12605a35667acfd3b87c39
1a75611f2e499729979c4f3e6a846e27ca06346f89dc51131d467a6511d4ffa6
359ad22216d5124d653c6e6d7c72c1d004966ae82d6a4675e30cfd638ce351e9
5c6cba2c58d95d705af7dc5bb1c630129127835fb1ef15d4ccf43ec2818bf632
f88aa47e4a8bb442e853910f1f832ffc260bb47680cc63a321e2c3d5f7e41b0e
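A triage script for the indicators listed in this advisory, added here as an example and not part of O3 Security's tooling: it locates every copy of idlidosa in a package-lock.json (lockfileVersion 1, 2 or 3) and marks the flagged versions, matches a file's SHA-256 against the advisory hashes, and scans the CSV output of schtasks /query /fo CSV for the MicrosoftEdgeWebView2Update persistence task. The lockfile and schtasks output embedded below are constructed samples.

```python
import csv
import hashlib
import io
import json

# Indicators copied from the advisory above.
PACKAGE = "idlidosa"
FLAGGED_VERSIONS = {"1.0.0", "1.0.1", "1.0.2", "1.0.4", "1.0.7"}
FLAGGED_SHA256 = {
    "93244f4468caec1832fe03d87c7403d7ab1dac835f12605a35667acfd3b87c39",
    "1a75611f2e499729979c4f3e6a846e27ca06346f89dc51131d467a6511d4ffa6",
    "359ad22216d5124d653c6e6d7c72c1d004966ae82d6a4675e30cfd638ce351e9",
    "5c6cba2c58d95d705af7dc5bb1c630129127835fb1ef15d4ccf43ec2818bf632",
    "f88aa47e4a8bb442e853910f1f832ffc260bb47680cc63a321e2c3d5f7e41b0e",
}
PERSISTENCE_TASK = "MicrosoftEdgeWebView2Update"


def find_package_in_lockfile(lockfile_text):
    """Return [(lockfile path, version, is_flagged_version)] for every copy of
    the package in a package-lock.json. Any copy should be removed; the flag
    only tells you whether the version is one the advisory lists."""
    lock = json.loads(lockfile_text)
    hits = []

    # lockfileVersion 2/3: flat "packages" map keyed by install path, e.g.
    # "node_modules/idlidosa" or "node_modules/foo/node_modules/idlidosa".
    for path, meta in lock.get("packages", {}).items():
        if path.split("node_modules/")[-1] == PACKAGE:
            ver = meta.get("version", "")
            hits.append((path, ver, ver in FLAGGED_VERSIONS))

    # lockfileVersion 1: nested "dependencies" objects (v2 also carries this
    # legacy tree, so only walk it when no "packages" map exists).
    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == PACKAGE:
                ver = meta.get("version", "")
                hits.append((path, ver, ver in FLAGGED_VERSIONS))
            walk(meta.get("dependencies", {}), path + "/")

    if "packages" not in lock:
        walk(lock.get("dependencies", {}), "")
    return hits


def is_flagged_artifact(data):
    """True when the SHA-256 of the given bytes matches an advisory hash."""
    return hashlib.sha256(data).hexdigest() in FLAGGED_SHA256


def find_persistence_tasks(schtasks_csv):
    """Parse `schtasks /query /fo CSV` output and return the names of tasks
    matching the fake Edge updater the package registers."""
    rows = csv.DictReader(io.StringIO(schtasks_csv))
    return [
        r["TaskName"] for r in rows
        # Drop any repeated header rows before matching on the name.
        if r.get("TaskName", "") != "TaskName" and PERSISTENCE_TASK in r.get("TaskName", "")
    ]


# Constructed sample inputs (not real captures).
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"idlidosa": "^1.0.0"}},
        "node_modules/idlidosa": {"version": "1.0.7"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})
SAMPLE_SCHTASKS_CSV = (
    '"TaskName","Next Run Time","Status"\n'
    '"\\MicrosoftEdgeWebView2Update","3/1/2026 10:01:00 AM","Ready"\n'
    '"\\ExampleBackupTask","3/2/2026 3:00:00 AM","Ready"\n'
)

if __name__ == "__main__":
    for path, ver, flagged in find_package_in_lockfile(SAMPLE_LOCKFILE):
        state = "FLAGGED version" if flagged else "present, remove anyway"
        print(f"{path} {ver}: {state}")
    for task in find_persistence_tasks(SAMPLE_SCHTASKS_CSV):
        print("persistence task found:", task)
    print("sample bytes match advisory hash:", is_flagged_artifact(b"constructed bytes"))
```

Run it against a real package-lock.json and the saved output of schtasks /query /fo CSV; a hit on the scheduled task after npm uninstall means the resurrect.js launcher in %APPDATA%/Idlidosa and the renamed msedgewebview2.exe still need to be removed by hand, and the task deleted, since uninstalling the package does not unregister it.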

Frequently asked questions

No. idlidosa on npm has been identified as a malicious package (versions 1.0.0, 1.0.1, 1.0.2, 1.0.4, 1.0.7 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003495, IN-MAL-2026-005810, IN-MAL-2026-005813, IN-MAL-2026-005812, IN-MAL-2026-005811

Credits

  • Amazon Inspector · finder

idlidosa (npm) malicious package — MAL-2026-4581 | O3 Security