MAL-2024-8842

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/call-blockflow/MAL-2024-8842.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-8842
Published
2024-09-05T09:39:45Z
Modified
2024-09-05T09:15:00Z
Summary
Malicious code in call-blockflow (npm)
Details

The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign.

References
Credits

Affected packages

npm / call-blockflow

Package

Affected ranges

Affected versions

1.*

1.0.0