VDB
KO

MAL-2025-6695

Malicious code in amdocs-core-package (npm)

Details

The package communicates with a domain associated with malicious activity.

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (1e196068c171b8528ec4f1f0db852ef32a7b530ecce14d79696a21c4f685c2c6) The package declares a preinstall hook that runs index.js on npm install. index.js requires https and os, reads os.hostname(), and issues an https.request POST to a hardcoded *.oastify.com Burp Collaborator subdomain, additionally embedding the hostname into the DNS label of that subdomain for out-of-band capture. Package metadata is placeholder (empty description and author, version 11.11.11, name shaped like an internal 'amdocs' scope), consistent with a dependency-confusion payload targeting an internal namespace. Installing the package causes the installer's host identifier to leave the machine to an attacker-controlled collaborator domain.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / amdocs-core-package
Introduced in: 1.0.0

No fixed version published yet for amdocs-core-package (npm). Pin to a known-safe version or switch to an alternative.

References