MAL-2025-617

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/outlookapi/MAL-2025-617.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2025-617

Published

2025-01-21T17:33:44Z

Modified

2025-03-03T15:08:01Z

Summary

Malicious code in outlookapi (npm)

Details

The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "78d159196069f071eef43c6eb4f01460881dc874f929dfa41456713d32094661",
            "import_time": "2025-03-03T15:06:57.67170521Z",
            "versions": [
                "1.0.0",
                "1.0.1",
                "1.0.2"
            ],
            "id": "RLMA-2025-01017",
            "source": "reversing-labs",
            "modified_time": "2025-03-03T13:34:50Z"
        }
    ]
}

References

Credits

- ReversingLabs - FINDER
- - https://www.reversinglabs.com
- Stacklok Insight: insight.stacklok.com - FINDER
- - https://discord.com/invite/RkzVuTp3WK

MAL-2025-617

Affected packages

npm / outlookapi

Package

Affected ranges

Affected versions

1.*