MAL-2026-6709
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (8c98ee24f91eaab2bc8360306a75519ae167dcbc3c7bd38cc395fbaa9590f4cd)
Package name impersonates the popular vega-lite library but ships no vega functionality — only a preinstall exfiltration stub. package.json declares `preinstall: node index.js`. On `npm install`, index.js collects os.hostname(), platform, arch, os.userInfo() (username/uid/gid/shell), homedir, cwd, and the output of `whoami` and `id` executed via child_process, then POSTs the JSON payload to a hardcoded Burp Collaborator subdomain at https://kbztayu6auucui8s9ucz2mujkaq1er2g.oastify.com/detox56. The combination of typosquat naming, absence of library functionality, automatic preinstall execution, shell reconnaissance, and an attacker-controlled exfil endpoint is an unambiguous supply-chain attack against developers who mistype or are tricked into installing the lookalike.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "index.js",
              "sha256": "cdbd2760dbc11550f16b946a5235ea37a6e087d6a218afe61c4094176f415e41",
              "tlsh": "d95130c515f65a241ba7b8494a4f9402a327e1033509ee59bfcc8740af9937c97f0bf6"
            },
            {
              "path": "package.json",
              "sha256": "0e9905e7823ccf92b80fd5830f3411d633e6a7d29017309034f2f271a947c917",
              "tlsh": "dad05e244d22552325c102a2582b944772628e2f15143c0867cb582c918e37798fa35d"
            }
          ],
          "package_integrity": [
            {
              "filename": "vega-lite-next-19.2.1.tgz",
              "hashes": {
                "sha1": "65cf1aef6c27a72fd95cc73b23ad2e82f4cd3207",
                "sha512_sri": "sha512-YWd3sgyY3OBKWeSYg1AvVpX1taenLmMiExmlSIZY7kjzxKBHTtRcawrStlklibYm1M1oK4Hh0FxxBClLJm5plA=="
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "npm",
        "name": "vega-lite-next"
      },
      "versions": [
        "19.2.1"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "inspector-research@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-007875",
        "import_time": "2026-07-01T20:12:12.40132599Z",
        "modified_time": "2026-07-01T19:16:14Z",
        "sha256": "8c98ee24f91eaab2bc8360306a75519ae167dcbc3c7bd38cc395fbaa9590f4cd",
        "source": "amazon-inspector",
        "versions": [
          "19.2.1"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8c98ee24f91eaab2bc8360306a75519ae167dcbc3c7bd38cc395fbaa9590f4cd)\nPackage name impersonates the popular vega-lite library but ships no vega functionality \u2014 only a preinstall exfiltration stub. package.json declares `preinstall: node index.js`. On `npm install`, index.js collects os.hostname(), platform, arch, os.userInfo() (username/uid/gid/shell), homedir, cwd, and the output of `whoami` and `id` executed via child_process, then POSTs the JSON payload to a hardcoded Burp Collaborator subdomain at https://kbztayu6auucui8s9ucz2mujkaq1er2g.oastify.com/detox56. The combination of typosquat naming, absence of library functionality, automatic preinstall execution, shell reconnaissance, and an attacker-controlled exfil endpoint is an unambiguous supply-chain attack against developers who mistype or are tricked into installing the lookalike.\n",
  "id": "MAL-2026-6709",
  "modified": "2026-07-01T19:16:14Z",
  "published": "2026-07-01T19:16:14Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/vega-lite-next/v/19.2.1"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in vega-lite-next (npm)"
}