{"id":"MAL-2026-3373","summary":"Malicious code in owa-analytics-utils (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (644a42250298e29b58f2cfe75c1d362637e2c31f1a1ef9b9cfbe5d9ff0475fb8)\nThe package owa-analytics-utils was found to contain malicious code.\n\n## Source: ossf-package-analysis (6b195f7f4b8add77e943e32fc4e7f08ea50ae2dc1d0021cf2f2bc54c035331b5)\nThe OpenSSF Package Analysis project identified 'owa-analytics-utils' @ 99.9.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-12T07:57:39.686207Z","published":"2026-05-07T16:08:35Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-07T16:08:35Z","import_time":"2026-05-08T05:44:45.465033975Z","sha256":"6b195f7f4b8add77e943e32fc4e7f08ea50ae2dc1d0021cf2f2bc54c035331b5","versions":["99.9.0"],"source":"ossf-package-analysis"},{"modified_time":"2026-05-12T06:53:21Z","import_time":"2026-05-12T07:28:50.684464763Z","sha256":"644a42250298e29b58f2cfe75c1d362637e2c31f1a1ef9b9cfbe5d9ff0475fb8","versions":["99.9.0"],"source":"amazon-inspector"}]},"affected":[{"package":{"name":"owa-analytics-utils","ecosystem":"npm","purl":"pkg:npm/owa-analytics-utils"},"versions":["99.9.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/owa-analytics-utils/MAL-2026-3373.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}