MAL-2025-6209

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/marcom-ac-console/MAL-2025-6209.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6209
Published
2025-07-17T19:28:06Z
Modified
2025-07-23T02:45:10Z
Summary
Malicious code in marcom-ac-console (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (64d378ac078f27f1f0357746b50307c933999c2eb82b5c9c7a7a6b0645910749)

The OpenSSF Package Analysis project identified 'marcom-ac-console' @ 1.0.5 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.5"
            ],
            "import_time": "2025-07-23T02:44:44.741336206Z",
            "modified_time": "2025-07-17T19:35:52Z",
            "sha256": "64d378ac078f27f1f0357746b50307c933999c2eb82b5c9c7a7a6b0645910749",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.1"
            ],
            "import_time": "2025-07-23T02:44:44.638304835Z",
            "modified_time": "2025-07-17T19:28:06Z",
            "sha256": "8b4a1a82215715df2da52aad42d06efba8953347b3647ef51c9534c28dae9984",
            "source": "ossf-package-analysis"
        }
    ]
}
References
Credits

Affected packages

npm / marcom-ac-console

Package

Affected ranges

Affected versions

1.*
1.0.1
1.0.5

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/marcom-ac-console/MAL-2025-6209.json"