{"id":"MAL-2026-2510","summary":"Malicious code in @velora-dex/sdk (npm)","details":"This malicious npm package executes a base64-decoded shell command that downloads and runs a stage-2 payload from a C2 server (89.36.224.5). It targets macOS.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311)\nThe package @velora-dex/sdk was found to contain malicious code.\n","modified":"2026-04-10T17:34:44.955899Z","published":"2026-04-08T04:29:51Z","database_specific":{"malicious-packages-origins":[{"sha256":"21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311","import_time":"2026-04-10T17:21:50.564186301Z","versions":["9.4.1"],"modified_time":"2026-04-10T17:02:58Z","source":"amazon-inspector"}]},"references":[{"type":"REPORT","url":"https://safedep.io/malicious-velora-dex-sdk-npm-compromised-rat/"}],"affected":[{"package":{"name":"@velora-dex/sdk","ecosystem":"npm","purl":"pkg:npm/%40velora-dex/sdk"},"versions":["9.4.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@velora-dex/sdk/MAL-2026-2510.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}