{"id":"MAL-2025-47577","summary":"Malicious code in adobe-alloy-mini-site (npm)","details":"The package adobe-alloy-mini-site was found to contain malicious code.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: google-open-source-security (d728d9b200c3b58899afcf6beb561ec60882028a3368ade745710195d969df22)\nThis package installs a dependency hosted on a custom domain that runs an\ninfo stealer during installation. The info stealer focuses on stealing\nnpm, git, and other CI/CD related tokens.\n","modified":"2025-12-02T10:08:25.360875Z","published":"2025-09-25T15:07:06Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-09-26T11:05:45.034308042Z","id":"RLMA-2025-04913","sha256":"8c95a9e2db5b57105d60395cd2856d366b31bf3e1fab72926d75505efa6abcd7","source":"reversing-labs","modified_time":"2025-09-26T09:20:18Z","versions":["99.0.0"]},{"import_time":"2025-10-30T03:28:38.522269Z","sha256":"d728d9b200c3b58899afcf6beb561ec60882028a3368ade745710195d969df22","source":"google-open-source-security","modified_time":"2025-10-30T03:28:23Z","versions":["99.0.0"]},{"import_time":"2025-12-02T09:10:01.094470817Z","id":"RLUA-2025-05677","sha256":"b7402ea0fa9b179ac4a510804bb7dc1133bd8ae6d35c95d7f08f72655afc78c9","source":"reversing-labs","modified_time":"2025-12-01T12:59:25Z"}]},"references":[{"type":"WEB","url":"https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies"},{"type":"WEB","url":"https://www.sonatype.com/blog/phantomraven-npm-malware"}],"affected":[{"package":{"name":"adobe-alloy-mini-site","ecosystem":"npm","purl":"pkg:npm/adobe-alloy-mini-site"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["99.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/adobe-alloy-mini-site/MAL-2025-47577.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}