{"slug": "exiouss-cookie-stealer-bundled-in-npm-exam-cheat", "title": "exiouss: Cookie Stealer Bundled in npm Exam Cheat", "summary": "A malicious npm package named \"exiouss\" was published on May 1, 2026, by the account \"loltestpad\" as a rebranded version of the previously removed \"godsplan\" package, now bundling a PowerShell script that decrypts and exfiltrates Chrome, Edge, and Brave session cookies for OpenAI and ChatGPT websites. The package targets students seeking to cheat on proctored exams, an audience likely holding active ChatGPT Plus subscriptions, and represents the fourth malicious package from the same account following the April takedown of three others including a full Windows RAT. The dormant credential stealer, while not yet activated in the main execution flow, poses a significant threat to users who install the package believing it is a legitimate exam-cheating tool.", "body_md": "# exiouss: Cookie Stealer Bundled in npm Exam Cheat\n\n## TL;DR\n\n`exiouss` was published to npm on 2026-05-01 from the `loltestpad` account, the same account behind `ixpresso-core` (a full Windows RAT), `godsplan`, and `eyevox` in April before npm removed them within 48 hours. `exiouss` is `godsplan` rebuilt under a new name with the same fake description and the same internal project name. It adds one capability the April packages lacked: `bin/chrome_cookies.ps1`, a complete PowerShell script that decrypts and exfiltrates Chrome, Edge, and Brave session cookies for `openai.com` and `chatgpt.com`. 
The script is not yet wired into the main flow, but it is present and functional.\n\n**Impact:**\n\n- The package bundles a complete ChatGPT and OpenAI session cookie stealer targeting Chrome, Edge, and Brave via Windows DPAPI and AES-256-GCM decryption\n- The attacker targets students who install this to cheat on proctored exams, an audience likely to hold active ChatGPT Plus subscriptions\n- The `loltestpad` account published four packages across two campaigns, iterating from a Windows RAT to a cheating tool with a dormant credential stealer\n\n**Indicators of Compromise (IoC):**\n\n| Indicator | Value |\n|---|---|\n| Package | `exiouss` |\n| npm maintainer | `loltestpad` |\n| Maintainer email | |\n| Stealth process | `SearchApp.exe` |\n| Persistence path | `%LOCALAPPDATA%\\Microsoft\\Windows\\Diagnostics\\` |\n| Boot log | `%LOCALAPPDATA%\\Microsoft\\Windows\\Diagnostics\\boot.log` |\n| Kill switch file | `%LOCALAPPDATA%\\Microsoft\\Windows\\Diagnostics\\.kill_watchdog` |\n| `uia_extract.exe` SHA256 | `e2fda5aa8397799669f29258f69e803cf05d322c1d93269eef6754ca024c3865` |\n| `uia_extract.exe` VirusTotal | 4/71 (Bkav, CrowdStrike, SecureAge, SentinelOne; all ML-based) |\n| Groq API keys | `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` (+ 3 more in `config.json`) |\n\n## The loltestpad Campaign\n\nThe `loltestpad` account appeared on 2026-04-14 with a throwaway email on `opemails.com`, a disposable mail service. Within 48 hours, it published three packages:\n\n| Package | Published | Real function | Cover description |\n|---|---|---|---|\n| `ixpresso-core` | 2026-04-14 | Windows RAT (Veltrix) | “Personal AI System Agent — Control your device via WhatsApp” |\n| `godsplan` | 2026-04-14 | AI exam cheating tool | “High-performance DOM utility and diagnostic bridge” |\n| `eyevox` | 2026-04-15 | Lightweight exam cheating variant | “Professional Stealth AI Assistant with Multi-Snapshot Reasoning” |\n\nnpm removed all three within 48 hours. 
SafeDep’s analysis of `ixpresso-core` is [covered separately](/malicious-ixpresso-core-npm-rat) — it deployed a full Windows RAT with browser credential harvesting, Discord token theft, Telegram session exfiltration, and remote desktop over a Cloudflare tunnel.\n\n`exiouss` appeared on npm on 2026-05-01, 16 days after the April takedown. The cover description matches `godsplan`’s word-for-word: “High-performance DOM utility and diagnostic bridge for modern web applications.” `main.js` names the project **Project Phantom-Batch**, identical to the April version. The internal version jumped to v12.0, indicating development continued after the takedown.\n\nSix earlier versions (1.0.0 through 1.0.10) appear in the registry `time` object. All six were pulled before this analysis, leaving 1.0.4 active.\n\nBoth campaigns follow the same pattern: throwaway account, disposable email, fake developer-tool description, Windows-only payload, npm as distribution infrastructure. The attacker uses npm as a hosting and credibility layer, not as a poisoning vector. “Just `npm install -g exiouss`” reads more legitimate than a Discord download link.\n\n## The Bundled Credential Stealer\n\n`bin/chrome_cookies.ps1` is new to this version. The April packages did not include it.\n\nThe script implements Chrome DPAPI + AES-256-GCM cookie decryption. It reads the encrypted master key from each browser’s `Local State` file, decrypts it with `ProtectedData.Unprotect`, then iterates cookies for `openai.com`, `chatgpt.com`, `auth.openai.com`, and `auth0.openai.com` across Chrome, Edge, and Brave, covering multiple browser profiles each.\n\n`main.js` never calls this script. It ships in the tarball for the attacker to run separately, or to wire into a future version. 
A valid `auth.openai.com` session cookie gives full ChatGPT account access without a password — the attacker can change the email, lock the original owner out, and absorb the subscription.\n\nThe victim pool makes this worthwhile. Students running exam cheating tools on Windows have ChatGPT accounts, many with active Plus subscriptions they use for coursework. The exam cheat gets the attacker onto those machines. The cookie stealer monetises that access.\n\n## How Students Get Infected\n\n`exiouss` deploys a persistent Electron overlay when run: a transparent always-on-top window invisible to proctoring screenshot capture via `WDA_EXCLUDEFROMCAPTURE`, hidden from Alt-Tab and the taskbar. The student captures the exam question using Windows UI Automation text extraction or a GDI screenshot, sends it to Groq’s LLM API via four hardcoded API keys in `config.json`, and the answer renders in the overlay. The package handles Safe Exam Browser by detecting its isolated secure desktop and spawning a child Electron process onto it via `CreateProcessW`.\n\nThe `uia_extract.exe` binary scores 4/71 on VirusTotal, all ML-based. Windows Defender shows clean. Most exam machines run no AV that catches this. The cheating tool works well enough to spread through student communities, which puts the credential stealer on a growing number of machines without additional distribution cost.\n\n## Conclusion\n\nThe `loltestpad` attacker returned 16 days after the April takedown with the same account, the same description, and the same codebase. The addition is `chrome_cookies.ps1`: a ChatGPT session stealer, present and functional, not yet active.\n\nThe threat model is social engineering, not a poisoned lockfile. Students install this willingly. 
The cookie stealer sits dormant until the attacker activates it, either wired into a future version or triggered through the watchdog process that stays resident after the terminal closes.\n\nTreat any system that ran `exiouss` as potentially compromised. Check `%LOCALAPPDATA%\\Microsoft\\Windows\\Diagnostics\\` for `SearchApp.exe` and `boot.log`. Rotate credentials stored in Chrome, Edge, and Brave. Revoke any OpenAI API keys stored in the browser.\n\nRun [vet](https://github.com/safedep/vet) against your lockfiles to flag packages from recently created accounts before install.\n\n**Related:**\n\n- [ixpresso-core: Windows RAT Disguised as a WhatsApp Agent](/malicious-ixpresso-core-npm-rat) — the RAT from the same `loltestpad` campaign\n- [forge-jsx npm Package: Purpose-Built Multi-Platform RAT](/malicious-forge-jsx-npm-rat) — another Electron-based Windows malware pattern\n- [Malicious dom-utils-lite npm SSH Backdoor via Supabase](/malicious-dom-utils-lite-npm-ssh-backdoor) — fake DOM utility, real backdoor\n\nTags:\n\n- malware\n- npm\n- supply-chain\n- credential-theft\n- campaign\n\n### Author\n\n[Kunal Singh](https://www.linkedin.com/in/kunalsin9h/), safedep.io
", "url": "https://wpnews.pro/news/exiouss-cookie-stealer-bundled-in-npm-exam-cheat", "canonical_source": "https://safedep.io/malicious-exiouss-npm-exam-cheating-tool", "published_at": "2026-05-01 00:00:00+00:00", "updated_at": "2026-05-27 08:40:45.825784+00:00", "lang": "en", "topics": ["ai-tools", "ai-products", "ai-safety", "ai-policy"], "entities": ["npm", "ChatGPT", "OpenAI", "Chrome", "Edge", "Brave", "loltestpad", "exiouss"], "alternates": {"html": "https://wpnews.pro/news/exiouss-cookie-stealer-bundled-in-npm-exam-cheat", "markdown": "https://wpnews.pro/news/exiouss-cookie-stealer-bundled-in-npm-exam-cheat.md", "text": "https://wpnews.pro/news/exiouss-cookie-stealer-bundled-in-npm-exam-cheat.txt", "jsonld": "https://wpnews.pro/news/exiouss-cookie-stealer-bundled-in-npm-exam-cheat.jsonld"}}