{"id":"MAL-2026-2510","summary":"Malicious code in @velora-dex/sdk (npm)","details":"Malicious npm package executing base64-decoded shell command to download and run stage-2 payload from C2 server (89.36.224.5) targeting macOS\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311)\nThe package @velora-dex/sdk was found to contain malicious code.\n\n## Source: ossf-package-analysis (013b2c71633a40b8d425f998bb589074e403eea3069a0af42d70a041827475a3)\nThe OpenSSF Package Analysis project identified '@velora-dex/sdk' @ 9.4.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-04-20T01:06:39.306649Z","published":"2026-04-07T19:23:02Z","database_specific":{"malicious-packages-origins":[{"sha256":"21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311","source":"amazon-inspector","versions":["9.4.1"],"import_time":"2026-04-10T17:21:50.564186301Z","modified_time":"2026-04-10T17:02:58Z"},{"sha256":"013b2c71633a40b8d425f998bb589074e403eea3069a0af42d70a041827475a3","source":"ossf-package-analysis","versions":["9.4.1"],"import_time":"2026-04-20T00:43:15.38090661Z","modified_time":"2026-04-07T19:23:02Z"}]},"references":[{"type":"REPORT","url":"https://safedep.io/malicious-velora-dex-sdk-npm-compromised-rat/"}],"affected":[{"package":{"name":"@velora-dex/sdk","ecosystem":"npm","purl":"pkg:npm/%40velora-dex/sdk"},"versions":["9.4.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@velora-dex/sdk/MAL-2026-2510.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}