-= Per source details. Do not edit below this line.=-
package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity (os.hostname(), os.platform(), os.arch(), os.userInfo() including uid/gid, shell, homedir, cwd) and the output of whoami and id via child_process, then POSTs the JSON payload to the hardcoded URL https://eucfugc8bk66haszliir75yd74dv1lpa.oastify.com/detox56 (a Burp Collaborator subdomain). The package ships no eslint rule implementation — its only effect on install is the recon/exfiltration beacon. The package name eslint-plugin-mistica-local-rules mimics the Telefónica Mistica design-system internal eslint-plugin namespace, consistent with a dependency-confusion attack against private-registry consumers.
{
"malicious-packages-origins": [
{
"sha256": "72d5fe15c6bf5a8084dd7cb92869cfe7d7c8a667581dd8ba8c0de403bcfeff57",
"id": "IN-MAL-2026-005836",
"source": "amazon-inspector",
"import_time": "2026-06-12T19:43:38.516424769Z",
"modified_time": "2026-06-12T19:02:58Z",
"versions": [
"19.12.11"
]
},
{
"sha256": "c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123",
"id": "IN-MAL-2026-005835",
"source": "amazon-inspector",
"import_time": "2026-06-12T19:43:38.418476887Z",
"modified_time": "2026-06-12T19:02:58Z",
"versions": [
"19.12.11"
]
}
]
}{
"package_integrity": [
{
"filename": "eslint-plugin-mistica-local-rules-19.12.11.tgz",
"hashes": {
"sha1": "f18079c4bac792db77fa468435d28d3ab5591aaa",
"sha512_sri": "sha512-ixWhgcKKEXP09K1YBvfK2xncuPtYEu2UvXokZqtvHH9Rfghn/WMCT+X/y+ONpjvNnbsVj22/u2Q0ll1ZyABHhQ=="
}
}
],
"domains": [
"eucfugc8bk66haszliir75yd74dv1lpa.oastify.com"
],
"evidence_files": [
{
"path": "index.js",
"tlsh": "a35151c515f65a241ba7b8494a4f9402a327e003350aee55bfcc8340af9937c9bf0bf2",
"sha256": "dbdb62f421441baa4dbb05960ca341c1174ebeca2be892702de1630626ec551e"
},
{
"path": "package.json",
"tlsh": "aed02e200d21643369c102aa0c2ba0c772a2cf6f0014bc08a3df682c82ce37b88fb30d",
"sha256": "61f69ac09a506d72b97c08911ba8d1c3fd33713c1737601041e46db8003d4f87"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-plugin-mistica-local-rules/MAL-2026-5703.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506",
"name": "Embedded Malicious Code"
}
]