{"id":"MAL-2026-1693","summary":"Malicious code in coinbase-desktop-sdk (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5acc3fd93737f0c91c26014273ad41b78393a11a3c9377a337636ce2ba558477)\nThe package coinbase-desktop-sdk was found to contain malicious code.\n","modified":"2026-04-16T15:53:53.234093Z","published":"2026-03-18T12:44:21Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","sha256":"8cf806b4effa415af57ef60eb1b36074b399696799b34c4afde377177331c402","modified_time":"2026-03-18T12:44:21Z","import_time":"2026-03-19T12:18:42.634777406Z","versions":["1.5.14","1.5.15","1.5.16","1.5.17","1.5.19"],"id":"RLMA-2026-01211"},{"source":"amazon-inspector","sha256":"5acc3fd93737f0c91c26014273ad41b78393a11a3c9377a337636ce2ba558477","modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:31.214249475Z","versions":["1.5.14","1.5.15","1.5.16","1.5.17","1.5.19"]},{"source":"reversing-labs","sha256":"7bfe656aa67bbceeed2d7f6def21d5c20f9ec1f22d4cab7ba113021174933e08","modified_time":"2026-04-16T09:50:05Z","import_time":"2026-04-16T15:39:27.25787983Z","id":"RLUA-2026-01926"}]},"references":[{"type":"ARTICLE","url":"https://www.reversinglabs.com/blog/npm-fake-install-logs-rat"}],"affected":[{"package":{"name":"coinbase-desktop-sdk","ecosystem":"npm","purl":"pkg:npm/coinbase-desktop-sdk"},"versions":["1.5.14","1.5.15","1.5.16","1.5.17","1.5.19"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/coinbase-desktop-sdk/MAL-2026-1693.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}