{"id":"MAL-2025-1676","summary":"Malicious code in zohodeskportalsdksampleappsreactnative (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (46d46cb1be5475917e2e2ec917b43cb05d3a0382d2fc6b288f7fc02089399be5)\nThe OpenSSF Package Analysis project identified 'zohodeskportalsdksampleappsreactnative' @ 5.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-07-08T12:10:52Z","published":"2025-03-03T10:00:59Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-03-03T10:06:31.610027262Z","sha256":"46d46cb1be5475917e2e2ec917b43cb05d3a0382d2fc6b288f7fc02089399be5","versions":["5.1.0"],"source":"ossf-package-analysis","modified_time":"2025-03-03T10:00:59Z"},{"import_time":"2025-03-31T07:07:04.067268273Z","sha256":"2b51cf774582625926f6a47c82df2ab73045ffb0379269992538315f8443b0fc","versions":["1.1.0","2.1.0","3.1.0","5.1.0","5.2.0","5.5.0","9.0.0"],"source":"reversing-labs","id":"RLMA-2025-01921","modified_time":"2025-03-28T13:05:06Z"},{"import_time":"2025-07-07T15:37:53.26400288Z","sha256":"203da67f89175efa0ac1415af767a1dc79a2ab8ec8f1a94c0c829825133f8712","versions":["3.3.3"],"source":"ossf-package-analysis","modified_time":"2025-07-07T15:15:58Z"},{"import_time":"2025-07-08T09:07:51.39878993Z","sha256":"9b950f96644f755bb74dc9158bc441d3beab3b077ef11c8439c4674d22bd4234","versions":["5.5.5"],"source":"ossf-package-analysis","modified_time":"2025-07-08T08:42:15Z"},{"import_time":"2025-07-08T12:10:30.564516131Z","sha256":"a758a2538aece967a043ea305d686f9e5ba7c100b88924e131a380e5be1a7832","versions":["7.7.7"],"source":"ossf-package-analysis","modified_time":"2025-07-08T11:58:37Z"}]},"affected":[{"package":{"name":"zohodeskportalsdksampleappsreactnative","ecosystem":"npm","purl":"pkg:npm/zohodeskportalsdksampleappsreactnative"},"versions":["5.1.0","1.1.0","2.1.0","3.1.0","5.2.0","5.5.0","9.0.0","3.3.3","5.5.5","7.7.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zohodeskportalsdksampleappsreactnative/MAL-2025-1676.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}