Malicious code in io.github.leetcrunch:scribejava-core (Maven)

MAL-2025-2552

Published Mar 19, 2025 · Modified Mar 20, 2025

Description

Source: google-open-source-security (8dd884cda209e50c2bd5185172f3c25968cb972cbd19234779b43f4f855f2d26)

A malicious Maven Java package a typosquatting a legitimate OAuth Maven
package. The malicious package collects and exfils OAuth credentials on
the 15th day of each month.

References

ARTICLE https://socket.dev/blog/malicious-maven-package-exfiltrates-oauth-credentials

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes