{"id":"MAL-2026-4165","summary":"Malicious code in paysafe-gbp-virtual-terminal-lib-fe (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8437cc0ad1a14bf5694e8b5fbc17a0616033c1c473c6e71f46684172bc122ab3)\nThe package paysafe-gbp-virtual-terminal-lib-fe was found to contain malicious code.\n\n## Source: ossf-package-analysis (48d73ddb21eea57c267b1b39acf5321f70e09c87e9b4e9c18f0592310b43f8cc)\nThe OpenSSF Package Analysis project identified 'paysafe-gbp-virtual-terminal-lib-fe' @ 3.1.13 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-20T01:01:59.937969835Z","published":"2026-05-19T10:35:56Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-05-19T10:43:17.91042262Z","source":"ossf-package-analysis","sha256":"48d73ddb21eea57c267b1b39acf5321f70e09c87e9b4e9c18f0592310b43f8cc","modified_time":"2026-05-19T10:39:13Z","versions":["3.1.13"]},{"import_time":"2026-05-19T17:50:35.880123439Z","source":"amazon-inspector","sha256":"8437cc0ad1a14bf5694e8b5fbc17a0616033c1c473c6e71f46684172bc122ab3","modified_time":"2026-05-19T16:47:48Z","versions":["3.1.13"]},{"import_time":"2026-05-20T00:57:12.732538217Z","source":"ossf-package-analysis","sha256":"d552294a7ec0ac4a564708939828864043a90f93439a436bff01ab62968517df","modified_time":"2026-05-19T10:35:56Z","versions":["0.0.1"]}]},"affected":[{"package":{"name":"paysafe-gbp-virtual-terminal-lib-fe","ecosystem":"npm","purl":"pkg:npm/paysafe-gbp-virtual-terminal-lib-fe"},"versions":["3.1.13","0.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/paysafe-gbp-virtual-terminal-lib-fe/MAL-2026-4165.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}