{"id":"MAL-2026-2396","summary":"Malicious code in voodoo-internal-api (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (a66c21f000ea33496a8cd95744872d47bbd617d4a4cabdae400ae0361cf0faf3)\nThe package voodoo-internal-api was found to contain malicious code.\n","modified":"2026-04-07T14:49:34.033894Z","published":"2026-03-24T16:03:29Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-04-01T12:26:11.55773495Z","versions":["99.9.9"],"id":"RLMA-2026-01830","sha256":"9c558980012b19d76027f5ccb9a26a195dd7cff2cc4380bbd8180bf2d614feec","source":"reversing-labs","modified_time":"2026-03-24T16:03:29Z"},{"import_time":"2026-04-07T14:39:13.437653532Z","versions":["99.9.9"],"sha256":"a66c21f000ea33496a8cd95744872d47bbd617d4a4cabdae400ae0361cf0faf3","source":"amazon-inspector","modified_time":"2026-04-07T14:24:50Z"}]},"affected":[{"package":{"name":"voodoo-internal-api","ecosystem":"npm","purl":"pkg:npm/voodoo-internal-api"},"versions":["99.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/voodoo-internal-api/MAL-2026-2396.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}