{"id":"MAL-2026-3668","summary":"Malicious code in 0xegg2024 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317)\nTea.yaml token farming campaign\n","modified":"2026-05-13T20:23:26.910493Z","published":"2026-05-12T07:44:37Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-12T19:03:07Z","source":"amazon-inspector","sha256":"86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317","versions":["1.0.2"],"import_time":"2026-05-13T20:10:57.207180749Z","id":"IN-MAL-2026-002467"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/0xegg2024/v/1.0.2"}],"affected":[{"package":{"name":"0xegg2024","ecosystem":"npm","purl":"pkg:npm/0xegg2024"},"versions":["1.0.2"],"database_specific":{"cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"tlsh":"47115591ce28d9130bc528e09d781245a2351c6b8d38fc1c33a3936e8f5c5af18f8a7e","sha256":"ea7ae391b71c5a14f1f1a12f6a094c82a593fad25c8eb69b266225fa460d2aeb","path":"package.json"}],"package_integrity":[{"hashes":{"sha1":"0345856b85d14c56fe86c4c097719051f83c4962","sha512_sri":"sha512-3U5Pk9nCLajGoW9FLn/FccCX+T7dSiiyUGu+ADsB9Htk2+JdDJjbfd5wg/hs/uDtcVHJEXKbA4boCV8E0pRb3w=="},"filename":"0xegg2024-1.0.2.tgz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/0xegg2024/MAL-2026-3668.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}