{"id":"MAL-2026-2332","summary":"Malicious code in @hsbc-mfe/host (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8a848d447b30dd51c4c541fa6a6e6d377bfe77ee4b04b4904996f725b8519789)\nThe package @hsbc-mfe/host was found to contain malicious code.\n","modified":"2026-04-07T14:50:36.389586Z","published":"2026-03-24T15:28:47Z","database_specific":{"malicious-packages-origins":[{"sha256":"18226dfd197bfda21a7727cf606481ffea6e1b53a672de88f13dc8a5cde73696","id":"RLMA-2026-01702","versions":["99.99.3"],"import_time":"2026-04-01T12:26:06.290398561Z","source":"reversing-labs","modified_time":"2026-03-24T15:28:47Z"},{"sha256":"8a848d447b30dd51c4c541fa6a6e6d377bfe77ee4b04b4904996f725b8519789","versions":["99.99.3"],"import_time":"2026-04-07T14:39:10.554087106Z","source":"amazon-inspector","modified_time":"2026-04-07T14:24:50Z"}]},"affected":[{"package":{"name":"@hsbc-mfe/host","ecosystem":"npm","purl":"pkg:npm/%40hsbc-mfe/host"},"versions":["99.99.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@hsbc-mfe/host/MAL-2026-2332.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}