{"id":"MAL-2026-780","summary":"Malicious code in ac-element-engagement (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (781104558212062e46f87c009a2a0af57fb00f707c878b53dfc5a7c241cce06b)\nThe package ac-element-engagement was found to contain malicious code.\n\n## Source: ossf-package-analysis (eef247e16d151ebee82664252e941779eb47a9459bac9c66753fff360c19536f)\nThe OpenSSF Package Analysis project identified 'ac-element-engagement' @ 3.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-19T12:39:49.846020Z","published":"2026-02-06T02:07:02Z","database_specific":{"malicious-packages-origins":[{"sha256":"781104558212062e46f87c009a2a0af57fb00f707c878b53dfc5a7c241cce06b","modified_time":"2026-02-06T02:07:02Z","import_time":"2026-02-06T03:03:33.061328474Z","source":"amazon-inspector","ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}]},{"sha256":"eef247e16d151ebee82664252e941779eb47a9459bac9c66753fff360c19536f","modified_time":"2026-03-13T11:11:14Z","import_time":"2026-03-13T11:14:25.080306803Z","source":"ossf-package-analysis","versions":["3.0.1"]},{"sha256":"0d3fe15507b8eab989723ccc7c12bcffab4fe7171ae0276a9cf4052a703a946e","modified_time":"2026-03-18T12:37:27Z","import_time":"2026-03-19T12:18:31.836057217Z","id":"RLMA-2026-01090","source":"reversing-labs","versions":["99.9.9"]}]},"affected":[{"package":{"name":"ac-element-engagement","ecosystem":"npm","purl":"pkg:npm/ac-element-engagement"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["3.0.1","99.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ac-element-engagement/MAL-2026-780.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}