MAL-2025-47576
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/adobe-alloy/MAL-2025-47576.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-47576
- Published
- 2025-09-25T15:07:06Z
- Modified
- 2025-12-02T10:08:26.293154Z
- Summary
- Malicious code in adobe-alloy (npm)
- Details
-
The package adobe-alloy was found to contain malicious code.
-= Per source details. Do not edit below this line.=-
Source: google-open-source-security (a8e952541082c8bec5f3b5c23a250995aa6d04b35925087502b6ed7100760d27)
This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on stealing npm, git, and other CI/CD related tokens.
- Database specific
{ "malicious-packages-origins": [ { "id": "RLMA-2025-04912", "import_time": "2025-09-26T11:05:44.96258577Z", "sha256": "4765e309daa5f180841a5358f3143369c47386b1af23cf68ffe9083cc39b5758", "source": "reversing-labs", "modified_time": "2025-09-26T09:20:17Z", "versions": [ "99.0.0" ] }, { "import_time": "2025-10-30T03:28:38.517375Z", "sha256": "a8e952541082c8bec5f3b5c23a250995aa6d04b35925087502b6ed7100760d27", "source": "google-open-source-security", "modified_time": "2025-10-30T03:28:23Z", "versions": [ "99.0.0" ] }, { "id": "RLUA-2025-05676", "import_time": "2025-12-02T09:10:01.030155368Z", "sha256": "e2bd3bc693b63ef6b433b2ac7af83df466672c727794d9c4015c7c6a40539870", "source": "reversing-labs", "modified_time": "2025-12-01T12:59:24Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / adobe-alloy
Package
- Name
- adobe-alloy
- View open source insights on deps.dev
- Purl
- pkg:npm/adobe-alloy