{"id":"MAL-2024-11922","summary":"Malicious code in blz-internal-pkg_update (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (8c0576719ed89c86b80e8064de18e089618752aa208fa88dfc410ad73e84bf8e)\nThe OpenSSF Package Analysis project identified 'blz-internal-pkg_update' @ 7.7.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-12-20T17:05:51Z","published":"2024-12-19T11:50:49Z","database_specific":{"malicious-packages-origins":[{"sha256":"8c0576719ed89c86b80e8064de18e089618752aa208fa88dfc410ad73e84bf8e","modified_time":"2024-12-19T11:55:53Z","versions":["7.7.11"],"import_time":"2024-12-19T12:08:58.896188961Z","source":"ossf-package-analysis"},{"sha256":"932569e3f96886f9731675340f18ca15953074cb69922a6e77ef256b28b5363b","modified_time":"2024-12-19T11:50:49Z","versions":["7.7.9"],"import_time":"2024-12-19T12:08:58.806459796Z","source":"ossf-package-analysis"},{"sha256":"22b7ba0d1c3b8e5b5dd1164d61508d7d0bf9932f8fd52521ac672c50cb822bdd","modified_time":"2024-12-20T16:31:03Z","versions":["7.7.14"],"import_time":"2024-12-20T16:37:49.789561661Z","source":"ossf-package-analysis"},{"sha256":"a345201b8a7d112f2f876959b1a809c83236a7ab6d2f7136af1ab8362650a81c","modified_time":"2024-12-20T16:38:11Z","versions":["7.7.15"],"import_time":"2024-12-20T17:05:26.315186642Z","source":"ossf-package-analysis"},{"sha256":"b5569612611d419e23a32156cb4d1119182a1e298dfd25a70741bdd62c83573e","modified_time":"2024-12-20T16:40:54Z","versions":["7.7.16"],"import_time":"2024-12-20T17:05:26.387017047Z","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"blz-internal-pkg_update","ecosystem":"npm","purl":"pkg:npm/blz-internal-pkg_update"},"versions":["7.7.11","7.7.9","7.7.14","7.7.15","7.7.16"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/blz-internal-pkg_update/MAL-2024-11922.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}