MAL-2025-192278

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-aurora-toy-659/MAL-2025-192278.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-192278

Published

2025-12-03T19:51:09Z

Modified

2025-12-23T16:52:02.248844Z

Summary

Malicious code in elf-stats-aurora-toy-659 (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (2d91ae0169f112f2142e3793ee5f5fea9aebc352c6969c276ba2e5d31bd03f2a)

The package elf-stats-aurora-toy-659 was found to contain malicious code.

Source: ossf-package-analysis (9b7d8156b7316442c1eb5705d57b6136f083500e7cf5019e000cdece04d19b29)

The OpenSSF Package Analysis project identified 'elf-stats-aurora-toy-659' @ 99.9.10 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Database specific

{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "import_time": "2025-12-03T20:08:02.990341025Z",
            "modified_time": "2025-12-03T19:51:09Z",
            "versions": [
                "99.9.10"
            ],
            "sha256": "9b7d8156b7316442c1eb5705d57b6136f083500e7cf5019e000cdece04d19b29"
        },
        {
            "source": "ossf-package-analysis",
            "import_time": "2025-12-03T20:08:03.260969421Z",
            "modified_time": "2025-12-03T20:00:34Z",
            "versions": [
                "99.9.12"
            ],
            "sha256": "c5ebe9b6a9e54842efc9745d793be6a81c32601f62c99711a8a045bbea0e9357"
        },
        {
            "source": "ossf-package-analysis",
            "import_time": "2025-12-03T20:08:03.130223126Z",
            "modified_time": "2025-12-03T19:56:09Z",
            "versions": [
                "99.9.11"
            ],
            "sha256": "f6bc3270447b5b20b57e0b874e22706ba4e063a2cf35f898eaa27949faca620e"
        },
        {
            "source": "amazon-inspector",
            "import_time": "2025-12-05T20:39:35.660379782Z",
            "modified_time": "2025-12-05T20:38:15Z",
            "versions": [
                "99.9.10",
                "99.9.12",
                "99.9.11"
            ],
            "sha256": "2d91ae0169f112f2142e3793ee5f5fea9aebc352c6969c276ba2e5d31bd03f2a"
        },
        {
            "modified_time": "2025-12-23T08:06:02Z",
            "source": "reversing-labs",
            "import_time": "2025-12-23T16:42:57.353164161Z",
            "id": "RLMA-2025-06120",
            "versions": [
                "99.9.9",
                "99.9.10",
                "99.9.11",
                "99.9.12"
            ],
            "sha256": "1fe78b9f9ab018e118c15be426fd0f7b9d2da6de6f7411025b3449d6db7ba4b9"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / elf-stats-aurora-toy-659

Package

Name: elf-stats-aurora-toy-659; View open source insights on deps.dev
Purl: pkg:npm/elf-stats-aurora-toy-659

Affected ranges

Affected versions

99.*

99.9.9

99.9.10

99.9.11

99.9.12

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-aurora-toy-659/MAL-2025-192278.json"