{"id":"MAL-2023-1144","summary":"Malicious code in confusedatma (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df)\nThe OpenSSF Package Analysis project identified 'confusedatma' @ 9.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-06-28T02:53:15Z","published":"2023-05-05T04:16:38Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df","modified_time":"2023-05-10T03:13:16.931824891Z","import_time":"2023-08-10T06:15:46.795432541Z","versions":["9.9.9"]},{"source":"ossf-package-analysis","sha256":"605b64358ee64e963995267f1ef5e3a9b6e7346fb86d32848f94f22f5085122e","modified_time":"2023-05-05T04:16:38.850423058Z","import_time":"2023-08-10T06:15:40.975748197Z","versions":["4.0.0"]},{"versions":["4.0.0","6.0.0"],"source":"reversing-labs","sha256":"57a82243e7a8aee9237280de263d80d7a052028baef6e6d53dbe54b51abd220b","modified_time":"2024-06-25T12:34:18Z","import_time":"2024-06-28T02:42:28.715167431Z","id":"RLMA-2024-00630"}]},"affected":[{"package":{"name":"confusedatma","ecosystem":"npm","purl":"pkg:npm/confusedatma"},"versions":["9.9.9","4.0.0","6.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/confusedatma/MAL-2023-1144.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}