MAL-2026-3600

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@mesadev/sdk/MAL-2026-3600.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-3600

Published

2026-05-12T05:49:00Z

Modified

2026-05-12T07:06:15.860124Z

Summary

Malicious code in @mesadev/sdk (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5)

This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor.

The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.

Database specific

{
    "iocs": {
        "domains": [
            "git-tanstack.com",
            "filev2.getsession.org",
            "api.masscan.cloud",
            "seed1.getsession.org"
        ]
    },
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-12T06:23:00.48559Z",
            "sha256": "5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5",
            "source": "google-open-source-security",
            "modified_time": "2026-05-12T06:19:26Z",
            "versions": [
                "0.10.1"
            ]
        }
    ]
}

References

Affected packages

npm / @mesadev/sdk

Package

Name: @mesadev/sdk; View open source insights on deps.dev
Purl: pkg:npm/%40mesadev/sdk

Affected ranges

Affected versions

0.*

0.28.3

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@mesadev/sdk/MAL-2026-3600.json"