{"id":"MAL-2026-3188","summary":"Malicious code in apple-security-internal-scanner-v3 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6088746661229cdf51da875e15d5ba99c4ebee26f205b968e5aa52015a80cfad)\nThe package apple-security-internal-scanner-v3 was found to contain malicious code.\n\n## Source: ossf-package-analysis (737d706aa0ea58f3adf22752a514da4fd2017d12699d131cafd76bc1d5ccb72f)\nThe OpenSSF Package Analysis project identified 'apple-security-internal-scanner-v3' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-04-30T23:09:22.312443Z","published":"2026-04-29T15:46:00Z","database_specific":{"malicious-packages-origins":[{"sha256":"737d706aa0ea58f3adf22752a514da4fd2017d12699d131cafd76bc1d5ccb72f","import_time":"2026-04-29T23:23:37.715771621Z","modified_time":"2026-04-29T15:46:00Z","source":"ossf-package-analysis","versions":["1.0.0"]},{"sha256":"6088746661229cdf51da875e15d5ba99c4ebee26f205b968e5aa52015a80cfad","import_time":"2026-04-30T22:23:14.238938885Z","modified_time":"2026-04-30T21:59:18Z","source":"amazon-inspector","versions":["1.0.0"]}]},"affected":[{"package":{"name":"apple-security-internal-scanner-v3","ecosystem":"npm","purl":"pkg:npm/apple-security-internal-scanner-v3"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/apple-security-internal-scanner-v3/MAL-2026-3188.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}