{"id":"MAL-2025-192809","summary":"Malicious code in jsonauth (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6e3fccdac696d746d016d5baa43d1ccd9475daced2fe66c37adb172f91a78c68)\nThe package jsonauth was found to contain malicious code.\n","aliases":["SNYK-JS-JSONAUTH-14152266"],"modified":"2026-03-19T12:45:14.724183Z","published":"2025-12-23T08:17:51Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-12-23T08:17:51Z","sha256":"b2e15ac6855d8cfed97e7774f58a71cfa204f0ef1da5d7c8956261b991a83e73","import_time":"2025-12-24T10:07:23.868427374Z","versions":["7.2.7"],"id":"RLMA-2025-06375","source":"reversing-labs"},{"modified_time":"2026-01-02T21:29:26Z","sha256":"6e3fccdac696d746d016d5baa43d1ccd9475daced2fe66c37adb172f91a78c68","import_time":"2026-01-02T21:35:51.881132798Z","versions":["7.2.7"],"source":"amazon-inspector"},{"modified_time":"2026-03-18T12:55:57Z","sha256":"93c7d2298ad4d2edebf784691fb20536f2cb3985befe246bb26409bee2e201ba","import_time":"2026-03-19T12:20:55.04291627Z","id":"RLUA-2026-01372","source":"reversing-labs"}]},"references":[{"type":"ARTICLE","url":"https://socket.dev/blog/north-korea-contagious-interview-npm-attacks"},{"type":"ARTICLE","url":"https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-JSONAUTH-14152266"}],"affected":[{"package":{"name":"jsonauth","ecosystem":"npm","purl":"pkg:npm/jsonauth"},"versions":["7.2.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jsonauth/MAL-2025-192809.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}