{"id":"MAL-2026-10669","summary":"Malicious code in dbconnectify (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (e23c446b06120537793ebc07d748d8de5334ae4ec6779bda5368885c72216e81)\nThe package exposes a method queryDBConnect that performs an HTTP GET against a URL stored as a base64-encoded constant (HASH_KEY) decoded at runtime via atob(). The decoded endpoint is https://api.jsonsilo.com/public/bbc58e47-8c79-4653-ab75-d94e69230854, a third-party JSON-hosting service whose content is mutable by whoever controls the record. The fetched JavaScript source is passed to Node's internal Module._compile as \"errorcheck.js\", loading and executing attacker-controlled code in the installer's process. A database connector library has no functional need to load remote code, and hiding the endpoint behind base64 obfuscation is characteristic of evasion rather than legitimate configuration.\n","modified":"2026-07-15T09:19:32.140445157Z","published":"2026-07-15T07:55:37Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.1"],"id":"IN-MAL-2026-010624","import_time":"2026-07-15T08:51:04.457747549Z","modified_time":"2026-07-15T07:55:37Z","sha256":"e23c446b06120537793ebc07d748d8de5334ae4ec6779bda5368885c72216e81","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/dbconnectify/v/1.0.1"}],"affected":[{"package":{"name":"dbconnectify","ecosystem":"npm","purl":"pkg:npm/dbconnectify"},"versions":["1.0.1"],"database_specific":{"indicators":{"evidence_files":[{"path":"index.js","sha256":"ae4e914eca8211e8837642a52e8bc616b8f6d7de05585213d09a3be18e1c06cf","tlsh":"ea822e0637f72527017b7064a6cb4080a439f41b2b35d964be5cc6b15fa87b8ada37d8"}],"package_integrity":[{"filename":"dbconnectify-1.0.1.tgz","hashes":{"sha512_sri":"sha512-rpb4E5PSdiKf63f9CcaeyYvaBwsms4TFjBcSgAOArOjCqTfKCReOUiTds6tx+FpRwHJVUIla3XwYISWWzB15Og==","sha1":"f2097afd7705f946c7ed145157ee458834649910"}}]},"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dbconnectify/MAL-2026-10669.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}