MAL-2024-7841

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/harthat-chain/MAL-2024-7841.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2024-7841

Published

2024-07-25T10:39:45Z

Modified

2024-07-30T00:15:00Z

Summary

Malicious code in harthat-chain (npm)

Details

The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign.

Database specific

{
    "malicious-packages-origins": null
}

References

Credits

- Stacklok: trustypkg.dev - FINDER
- - https://discord.com/invite/RkzVuTp3WK

Affected packages

npm / harthat-chain

Package

Name: harthat-chain; View open source insights on deps.dev
Purl: pkg:npm/harthat-chain

Affected ranges

Affected versions

4.*

4.1.2

4.2.3