Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

stella-codernpm

Malicious code in stella-coder (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10134
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall stella-coder

What this malware does

stella-cli/telegram-bot.mjs hardcodes a Telegram bot API token (BOT_TOKEN = "8923551485:AAFw4wG8ZwOtp5rzFsnguxhu4AH-2_ebSi0") that is controlled by the package author. When the user invokes the /tg CLI command, the package starts a Telegram bot on the installer's machine that receives messages over api.telegram.org and passes them into execSync(node stella-cli/index.mjs -p "${text}"), invoking a shell-capable AI agent CLI with attacker-supplied input. Because the messaging channel is bound to a token the author retains, the author observes all bot traffic — including the 4-digit admin authorization code exchanged over that same channel — and can replay it to reach the command-execution path on any installer that enables /tg. telegram-bot.mjs additionally sends os.hostname() and os.userInfo().username to the same author-controlled bot. A hardcoded PREMIUM_CODE = "10102013" acts as a universal activation key that unlocks the remote-control feature-set without payment. package.json sets "main": "stella-cli/index.mjs", whose top-level executes main() and starts the interactive CLI on require/import, extending the reach of the /tg surface beyond the bin entry. There are no install lifecycle hooks; the backdoor fires when the user runs the CLI (or a consumer imports the module) and invokes /tg.

Malicious versions

6 flagged
4.0.05.0.05.0.15.1.05.1.15.1.2

Indicators of compromise (SHA-256)

14c39e61e71e2a0e8cdbd42c8dc974ff425e03b27bc8a062b7c64cd6e09a0382
9dbd590476f6ed75799dfbea98c4f3e1d30f09d02fce6081afed3f95411ea07b
e7c1d21730856f349a9a7ae0af9ac0a96b018eaecb8e09356769087238da7449
f0c3ed879ef15a68d537ad7b6ddb59508aba58eee49c8ca19b916ef59a0c2da6
735f977af77fc57d1a4bf8e68e001c9c72445b0440fb4de0703a64c6702ed7eb
79b07b496c037e1933c66f3f9f84a8cfcc92e9b647b78735f6f30e9d3763cee4

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for stella-coder (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging stella-coder across your stack and pipelines.

  2. If you installed it — respond

    stella-coder is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If stella-coder was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks stella-coder before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. stella-coder on npm has been identified as a malicious package (versions 4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-009629IN-MAL-2026-009628IN-MAL-2026-009631IN-MAL-2026-009630IN-MAL-2026-009632IN-MAL-2026-009634

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks stella-coder-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

stella-coder (npm) malicious package — MAL-2026-10134 | O3 Security