Supply-chain threat intelligence
Risk score
92
Indexed incident for darkglitch (pypi).
darkglitch 1.2.0 ships a listener mode (-l -c) that opens a WebSocket connection to the hardcoded signaling host https://malware-signal.vercel.app/ and joins the fixed room D4RKGLI7CH. Incoming remote-command messages are passed directly into subprocess.run(command, shell=True) inside _execute_command, giving any party with access to that signaling server arbitrary shell execution on the host running the listener. core/config.py hardcodes the host and room. The -r/--run mode invokes PyInstaller with --noconsole --onefile to build darkglitch_listener.exe, a windowless Windows agent whose entry point immediately calls asyncio.run(listen_bash_mode()), packaging the same remote-shell listener as a hidden persistent agent. The self-labeling of the host as malware-signal.vercel.app and the room as D4RKGLI7CH matches the operational shape of a remote-access trojan.
Affected versions
Indicators
Timeline