MAL-2025-617

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/outlookapi/MAL-2025-617.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-617
Published
2025-01-21T17:33:44Z
Modified
2025-01-21T17:33:44Z
Summary
Malicious code in outlookapi (npm)
Details

The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.

Database specific
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / outlookapi

Package

Affected ranges

Affected versions

1.*

1.0.0
1.0.1
1.0.2