{"id":"MAL-2026-2285","summary":"Malicious code in dial-app-version (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799)\nThe package dial-app-version was found to contain malicious code.\n\n## Source: ossf-package-analysis (2708b4f6c8fba40d24ccf0abe6369cb348897b35a070092f0b8b4ac45f651059)\nThe OpenSSF Package Analysis project identified 'dial-app-version' @ 9999.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-31T03:23:37.999180Z","published":"2026-03-29T10:58:29Z","database_specific":{"malicious-packages-origins":[{"versions":["9999.0.1"],"source":"ossf-package-analysis","sha256":"2708b4f6c8fba40d24ccf0abe6369cb348897b35a070092f0b8b4ac45f651059","import_time":"2026-03-29T11:11:25.645815498Z","modified_time":"2026-03-29T11:00:56Z"},{"versions":["9999.0.0"],"source":"ossf-package-analysis","sha256":"f8fbff38278c58a342e8a680f69fd75ac3ec1e9a857f32ec05d0b6ce2cf6bdd0","import_time":"2026-03-29T11:11:25.572502529Z","modified_time":"2026-03-29T10:58:29Z"},{"versions":["9999.0.3"],"source":"ossf-package-analysis","sha256":"3d1620a1a42d35263cdd75a5fd74af426073d4eb368227e4378ca821c31a0c37","import_time":"2026-03-29T11:42:24.47351048Z","modified_time":"2026-03-29T11:33:27Z"},{"versions":["9999.0.1","9999.0.0","9999.0.3"],"source":"amazon-inspector","sha256":"9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799","import_time":"2026-03-31T03:10:04.980722181Z","modified_time":"2026-03-31T02:07:58Z"}]},"affected":[{"package":{"name":"dial-app-version","ecosystem":"npm","purl":"pkg:npm/dial-app-version"},"versions":["9999.0.1","9999.0.0","9999.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dial-app-version/MAL-2026-2285.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}