{"id":"MAL-2025-192604","summary":"Malicious code in xbox-bottomnav (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (956281b4efe244dbc01ea826196ee41b5cca6af75d50aa903ecfc4ab5bac134b)\nThe package xbox-bottomnav was found to contain malicious code.\n\n## Source: ossf-package-analysis (b2d3bdbb6a8dfea031f61b5a839ab2d681218a5b690455f19a91b9bd53d8f507)\nThe OpenSSF Package Analysis project identified 'xbox-bottomnav' @ 99.99.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-12-22T21:51:17.488872Z","published":"2025-12-17T13:15:52Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-12-17T13:17:52.06589243Z","modified_time":"2025-12-17T13:15:52Z","sha256":"b2d3bdbb6a8dfea031f61b5a839ab2d681218a5b690455f19a91b9bd53d8f507","versions":["99.99.11"],"source":"ossf-package-analysis"},{"import_time":"2025-12-17T14:07:49.562945106Z","modified_time":"2025-12-17T14:01:16Z","sha256":"985142080073ccd7cc475821afe7c3484755e673174b9d73accda608b2584658","versions":["99.99.99"],"source":"ossf-package-analysis"},{"import_time":"2025-12-22T21:36:30.481620246Z","modified_time":"2025-12-22T21:23:26Z","sha256":"956281b4efe244dbc01ea826196ee41b5cca6af75d50aa903ecfc4ab5bac134b","versions":["99.99.11","99.99.99"],"source":"amazon-inspector"}]},"affected":[{"package":{"name":"xbox-bottomnav","ecosystem":"npm","purl":"pkg:npm/xbox-bottomnav"},"versions":["99.99.11","99.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/xbox-bottomnav/MAL-2025-192604.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}