MAL-2026-10669

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dbconnectify/MAL-2026-10669.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10669
Published
2026-07-15T07:55:37Z
Modified
2026-07-15T09:19:32.140445157Z
Summary
Malicious code in dbconnectify (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (e23c446b06120537793ebc07d748d8de5334ae4ec6779bda5368885c72216e81)

The package exposes a method queryDBConnect that performs an HTTP GET against a URL stored as a base64-encoded constant (HASH_KEY) decoded at runtime via atob(). The decoded endpoint is https://api.jsonsilo.com/public/bbc58e47-8c79-4653-ab75-d94e69230854, a third-party JSON-hosting service whose content is mutable by whoever controls the record. The fetched JavaScript source is passed to Node's internal Module._compile as "errorcheck.js", loading and executing attacker-controlled code in the installer's process. A database connector library has no functional need to load remote code, and hiding the endpoint behind base64 obfuscation is characteristic of evasion rather than legitimate configuration.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-07-15T07:55:37Z",
            "source": "amazon-inspector",
            "import_time": "2026-07-15T08:51:04.457747549Z",
            "versions": [
                "1.0.1"
            ],
            "id": "IN-MAL-2026-010624",
            "sha256": "e23c446b06120537793ebc07d748d8de5334ae4ec6779bda5368885c72216e81"
        }
    ]
}
References
Credits

Affected packages

npm / dbconnectify

Package

Affected ranges

Affected versions

1.*
1.0.1

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "dbconnectify-1.0.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-rpb4E5PSdiKf63f9CcaeyYvaBwsms4TFjBcSgAOArOjCqTfKCReOUiTds6tx+FpRwHJVUIla3XwYISWWzB15Og==",
                "sha1": "f2097afd7705f946c7ed145157ee458834649910"
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "ea822e0637f72527017b7064a6cb4080a439f41b2b35d964be5cc6b15fa87b8ada37d8",
            "path": "index.js",
            "sha256": "ae4e914eca8211e8837642a52e8bc616b8f6d7de05585213d09a3be18e1c06cf"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dbconnectify/MAL-2026-10669.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]