{"id":"MAL-2024-1039","summary":"Malicious code in is24-desktop (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (1f924b1c86b042837547c3f1942013a3f4b791af2a22914a1694ba2a0b90b61a)\nThe OpenSSF Package Analysis project identified 'is24-desktop' @ 18.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-03-04T05:49:30Z","published":"2024-02-27T17:54:26Z","database_specific":{"malicious-packages-origins":[{"versions":["17.0.0"],"source":"ossf-package-analysis","import_time":"2024-02-27T18:05:50.23891484Z","sha256":"6d3155c5fdeb62a989de80674505c333ab33f5cc211f7c8771f7627ff663d771","modified_time":"2024-02-27T17:54:26Z"},{"versions":["18.0.0"],"source":"ossf-package-analysis","import_time":"2024-02-27T19:04:58.399213511Z","sha256":"1f924b1c86b042837547c3f1942013a3f4b791af2a22914a1694ba2a0b90b61a","modified_time":"2024-02-27T18:35:54Z"},{"versions":["19.0.0"],"source":"ossf-package-analysis","import_time":"2024-03-04T05:49:09.826312175Z","sha256":"8ada6ca8c5150cc9c2f964770eb16632e7e3fd36d4d0489b10ef5b642f3a2f63","modified_time":"2024-02-27T18:45:51Z"},{"versions":["20.0.0"],"source":"ossf-package-analysis","import_time":"2024-03-04T05:49:09.91372691Z","sha256":"bfc403b37beae871d2960a4fe4c3b3108b9d8dbb98f618f7de1bd4c1650d4f6a","modified_time":"2024-02-27T19:10:41Z"}]},"affected":[{"package":{"name":"is24-desktop","ecosystem":"npm","purl":"pkg:npm/is24-desktop"},"versions":["17.0.0","18.0.0","19.0.0","20.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/is24-desktop/MAL-2024-1039.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}