OSV Malicious Advisory
scanned 8h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2025-6695 confirms this npm version as malicious. The package communicates with a domain associated with malicious activity.
Advisory
MAL-2025-6695
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in amdocs-core-package (npm)
Details
The package communicates with a domain associated with malicious activity.
---
## Source: amazon-inspector (1e196068c171b8528ec4f1f0db852ef32a7b530ecce14d79696a21c4f685c2c6) The package declares a preinstall hook that runs index.js on npm install. index.js requires https and os, reads os.hostname(), and issues an https.request POST to a hardcoded *.oastify.com Burp Collaborator subdomain, additionally embedding the hostname into the DNS label of that subdomain for out-of-band capture. Package metadata is placeholder (empty description and author, version 11.11.11, name shaped like an internal 'amdocs' scope), consistent with a dependency-confusion payload targeting an internal namespace. Installing the package causes the installer's host identifier to leave the machine to an attacker-controlled collaborator domain.
Decision reason
OpenSSF Malicious Packages via OSV confirms amdocs-core-package@11.11.11 as malicious (MAL-2025-6695): Malicious code in amdocs-core-package (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory