{"id":"MAL-2025-63","summary":"Malicious code in aem-guides-wknd-app (npm)","details":"This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2025-02-03T18:38:39Z","published":"2025-01-08T01:43:42Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","import_time":"2025-02-03T18:37:45.692829224Z","modified_time":"2025-02-03T16:44:06Z","versions":["3.0.0"],"id":"RLMA-2025-00056","sha256":"55ef2d38f09f6507758c43cdb6fbb82b86b4707bbf5565a35823c5d775307354"}]},"affected":[{"package":{"name":"aem-guides-wknd-app","ecosystem":"npm","purl":"pkg:npm/aem-guides-wknd-app"},"versions":["3.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/aem-guides-wknd-app/MAL-2025-63.json"}}],"schema_version":"1.7.3","credits":[{"name":"GitHax - Software Supply Chain Threat Intelligence","contact":["https://githax.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}