registry  /  ecinc-cloud-moaxmpp  /  9.7.1

ecinc-cloud-moaxmpp@9.7.1

易臣云办公手机版-即时通讯

OSV Malicious Advisory

scanned 2h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2025-6214 confirms this npm version as malicious. Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific mobile application context. The `ecmoaxmpp.umd.js` file revealed a highly suspicious pattern...

Advisory
MAL-2025-6214
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in ecinc-cloud-moaxmpp (npm)
Details
Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific mobile application context. The `ecmoaxmpp.umd.js` file revealed a highly suspicious pattern. The code includes a function that checks if `window.mappType` is not equal to `'web'`. When this condition is met, it proceeds to call `window.$wv.databaseHandle`, a function that acts as a bridge to a native mobile application. The methods invoked through this bridge include 'execute', 'rawQuery', 'rawInsert', 'rawUpdate', and 'rawDelete', all of which indicate direct, raw access to a mobile device’s database. --- ## Source: amazon-inspector (278b09ddb42295dff2bd8c843131f7f3c9d4d793bb42dd797adbc9c6c825a656) The package was found to contain malicious code or consuming dependency that contains malicious code
Decision reason
OpenSSF Malicious Packages via OSV confirms ecinc-cloud-moaxmpp@9.7.1 as malicious (MAL-2025-6214): Malicious code in ecinc-cloud-moaxmpp (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory