{"id":"MAL-2026-1794","summary":"Malicious code in my-benefits-web (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c5aaf8254cd355ca47587aa46a9489d933410356052f3a2c2596404e70de7912)\nThe package my-benefits-web was found to contain malicious code.\n","modified":"2026-03-23T05:44:08.547016Z","published":"2026-03-18T12:59:56Z","database_specific":{"malicious-packages-origins":[{"sha256":"161fcab0efcf2df56e4d1f08230d6fe76d6bff7f60b8bc8c3ad78cfa976baf82","versions":["1.0.0","1.0.5","1.0.6"],"id":"RLMA-2026-01437","source":"reversing-labs","modified_time":"2026-03-18T12:59:56Z","import_time":"2026-03-19T12:19:01.824231515Z"},{"sha256":"c5aaf8254cd355ca47587aa46a9489d933410356052f3a2c2596404e70de7912","versions":["1.0.0","1.0.5","1.0.6"],"source":"amazon-inspector","modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:07.18001603Z"}]},"affected":[{"package":{"name":"my-benefits-web","ecosystem":"npm","purl":"pkg:npm/my-benefits-web"},"versions":["1.0.0","1.0.5","1.0.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/my-benefits-web/MAL-2026-1794.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}