MAL-2025-192270

Import Source: https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-tinsel-candy-605/MAL-2025-192270.json
JSON Data: https://api.osv.dev/v1/vulns/MAL-2025-192270
Published: 2025-12-03T18:49:05Z
Modified: 2025-12-24T00:24:23.586287Z
Summary: Malicious code in elf-stats-tinsel-candy-605 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (81cbef0d18c705f5e2d320ebbffd2ca291c82eeed7bb636c5a582d7388790185)

The package elf-stats-tinsel-candy-605 was found to contain malicious code.

Source: ossf-package-analysis (c432f49dc7e519859ce1fa043fb6290f59585d3ad680335eb2aea17e32f6f9d3)

The OpenSSF Package Analysis project identified 'elf-stats-tinsel-candy-605' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "import_time": "2025-12-03T19:06:41.997040795Z",
            "sha256": "c432f49dc7e519859ce1fa043fb6290f59585d3ad680335eb2aea17e32f6f9d3",
            "modified_time": "2025-12-03T18:49:05Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "source": "amazon-inspector",
            "import_time": "2025-12-03T19:36:12.808375649Z",
            "sha256": "81cbef0d18c705f5e2d320ebbffd2ca291c82eeed7bb636c5a582d7388790185",
            "modified_time": "2025-12-03T19:34:54Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "source": "reversing-labs",
            "id": "RLMA-2025-06321",
            "import_time": "2025-12-23T22:07:18.745968883Z",
            "modified_time": "2025-12-23T08:11:18Z",
            "sha256": "f62c62cac0d24a041a9f3eafd92898a9f748941fffe862a4f91d239016dc5287",
            "versions": [
                "1.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / elf-stats-tinsel-candy-605

Package

Name: elf-stats-tinsel-candy-605
Purl: pkg:npm/elf-stats-tinsel-candy-605

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source: "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-tinsel-candy-605/MAL-2025-192270.json"