{"id":"MAL-2025-192811","summary":"Malicious code in jsonauto (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ce9bf596900bc5133273dd4e77700e5636518a55c780b186e42a26d30efeabc3)\nThe package jsonauto was found to contain malicious code.\n","aliases":["SNYK-JS-JSONAUTO-14152267"],"modified":"2026-03-19T12:45:16.174949Z","published":"2025-12-23T08:18:00Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-12-23T08:18:00Z","sha256":"198cb8e37f235b885e0f26a594eccfa7749eb3b2f58e6f3f5015e215e6913c6e","import_time":"2025-12-24T10:07:23.939403996Z","id":"RLMA-2025-06377","source":"reversing-labs","versions":["5.1.0"]},{"modified_time":"2026-01-02T21:29:26Z","sha256":"ce9bf596900bc5133273dd4e77700e5636518a55c780b186e42a26d30efeabc3","import_time":"2026-01-02T21:35:50.417020969Z","source":"amazon-inspector","versions":["5.1.0"]},{"modified_time":"2026-03-18T12:56:06Z","sha256":"3f1dd63edd30a6580f42521ca40336bcd96c58b30dc72ae6a2fa54c8e31e01d1","import_time":"2026-03-19T12:20:55.200791408Z","id":"RLUA-2026-01374","source":"reversing-labs"}]},"references":[{"type":"ARTICLE","url":"https://socket.dev/blog/north-korea-contagious-interview-npm-attacks"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-JSONAUTO-14152267"},{"type":"ARTICLE","url":"https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html"}],"affected":[{"package":{"name":"jsonauto","ecosystem":"npm","purl":"pkg:npm/jsonauto"},"versions":["5.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jsonauto/MAL-2025-192811.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}