{"id":"MAL-2026-2915","summary":"Malicious code in bitu-staking (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (adb12160da2b84d2f9c21c6d5f3a2d803e574fcf593e9d84da3b5e8cbbdef96e)\nThe package bitu-staking was found to contain malicious code.\n\n## Source: ossf-package-analysis (56df091b6f8e60bdcb28ddedc915ec80febf40478125be39a5f773f10e0af8ba)\nThe OpenSSF Package Analysis project identified 'bitu-staking' @ 99.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-04-23T21:15:08.703569Z","published":"2026-04-12T23:47:27Z","database_specific":{"malicious-packages-origins":[{"versions":["99.0.0"],"modified_time":"2026-04-12T23:47:27Z","source":"ossf-package-analysis","import_time":"2026-04-20T03:11:15.165624695Z","sha256":"56df091b6f8e60bdcb28ddedc915ec80febf40478125be39a5f773f10e0af8ba"},{"versions":["99.0.0"],"modified_time":"2026-04-23T20:43:56Z","source":"amazon-inspector","import_time":"2026-04-23T20:49:13.673907125Z","sha256":"adb12160da2b84d2f9c21c6d5f3a2d803e574fcf593e9d84da3b5e8cbbdef96e"}]},"affected":[{"package":{"name":"bitu-staking","ecosystem":"npm","purl":"pkg:npm/bitu-staking"},"versions":["99.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bitu-staking/MAL-2026-2915.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}