{"id":"MAL-2024-11922","summary":"Malicious code in blz-internal-pkg_update (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (8c0576719ed89c86b80e8064de18e089618752aa208fa88dfc410ad73e84bf8e)\nThe OpenSSF Package Analysis project identified 'blz-internal-pkg_update' @ 7.7.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-12-20T17:05:51Z","published":"2024-12-19T11:50:49Z","database_specific":{"malicious-packages-origins":[{"import_time":"2024-12-19T12:08:58.896188961Z","modified_time":"2024-12-19T11:55:53Z","source":"ossf-package-analysis","versions":["7.7.11"],"sha256":"8c0576719ed89c86b80e8064de18e089618752aa208fa88dfc410ad73e84bf8e"},{"import_time":"2024-12-19T12:08:58.806459796Z","modified_time":"2024-12-19T11:50:49Z","source":"ossf-package-analysis","versions":["7.7.9"],"sha256":"932569e3f96886f9731675340f18ca15953074cb69922a6e77ef256b28b5363b"},{"import_time":"2024-12-20T16:37:49.789561661Z","modified_time":"2024-12-20T16:31:03Z","source":"ossf-package-analysis","versions":["7.7.14"],"sha256":"22b7ba0d1c3b8e5b5dd1164d61508d7d0bf9932f8fd52521ac672c50cb822bdd"},{"import_time":"2024-12-20T17:05:26.315186642Z","modified_time":"2024-12-20T16:38:11Z","source":"ossf-package-analysis","versions":["7.7.15"],"sha256":"a345201b8a7d112f2f876959b1a809c83236a7ab6d2f7136af1ab8362650a81c"},{"import_time":"2024-12-20T17:05:26.387017047Z","modified_time":"2024-12-20T16:40:54Z","source":"ossf-package-analysis","versions":["7.7.16"],"sha256":"b5569612611d419e23a32156cb4d1119182a1e298dfd25a70741bdd62c83573e"}]},"affected":[{"package":{"name":"blz-internal-pkg_update","ecosystem":"npm","purl":"pkg:npm/blz-internal-pkg_update"},"versions":["7.7.11","7.7.9","7.7.14","7.7.15","7.7.16"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/blz-internal-pkg_update/MAL-2024-11922.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}