{"id":"MAL-2026-2955","summary":"Malicious code in megabank-worklist (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (51f0a379223d486978f097d6f97b1d3a1fd307bb725be56c7baa2bc8ff72d297)\nThe package megabank-worklist was found to contain malicious code.\n\n## Source: ossf-package-analysis (67b82e2f7e8ec078f92a9f21610cd4f1347f25bbf96416e0a76ade90b60d242f)\nThe OpenSSF Package Analysis project identified 'megabank-worklist' @ 999.99.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-04-23T21:16:27.531747Z","published":"2026-04-20T15:51:23Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-04-20T16:31:16.605695094Z","sha256":"67b82e2f7e8ec078f92a9f21610cd4f1347f25bbf96416e0a76ade90b60d242f","versions":["999.99.9"],"source":"ossf-package-analysis","modified_time":"2026-04-20T15:51:23Z"},{"import_time":"2026-04-23T20:49:10.91788199Z","sha256":"51f0a379223d486978f097d6f97b1d3a1fd307bb725be56c7baa2bc8ff72d297","versions":["999.99.9"],"source":"amazon-inspector","modified_time":"2026-04-23T20:43:56Z"}]},"affected":[{"package":{"name":"megabank-worklist","ecosystem":"npm","purl":"pkg:npm/megabank-worklist"},"versions":["999.99.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/megabank-worklist/MAL-2026-2955.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}