MAL-2026-4430

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@saidddddddddd/somethingelse/MAL-2026-4430.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4430
Withdrawn
2026-05-26T21:41:23Z
Published
2026-05-20T19:12:40Z
Modified
2026-05-27T00:32:05.604944339Z
Summary
Malicious code in @saidddddddddd/somethingelse (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d)

The package ships multiple randomly named, multi-file JavaScript bundles in the tarball's top-level dist/ directory (dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js, dist/lzg6wv3g94.js, dist/mbzwtchywb.js, dist/qqbh2u5u9j.js, dist/vzdg7whark.js, plus chunks under dist/chunks/), all densely obfuscated with hex-suffixed identifiers (_0xNNNNNN variable naming, shuffled string arrays). The bundles incorporate Chrome DevTools / chii remote-debugging front-end code (dist/core/i/chii/front_end/...), including ping/curl/network command primitives and fetch-based network calls. The combination of (a) randomly named, obfuscated entry files, (b) embedded remote-debugging/inspection tooling (chii is a remote DevTools backend that exposes a target browser to a remote inspector), and (c) network exfiltration primitives in those bundles is structurally consistent with a remote-control / device-inspection payload rather than a normal application library. The package scope @saidddddddddd/* shows no publisher reputation signals (a placeholder-like name, and no documented purpose matching the embedded chii tooling). Note that this record is marked Withdrawn (2026-05-26T21:41:23Z) and the page does not state the reason, so confirm the record's current status before relying on this assessment or on the file hashes listed under the indicators.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-05-20T19:12:40Z",
            "versions": [
                "2.0.0"
            ],
            "sha256": "10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d",
            "id": "IN-MAL-2026-003595",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:55.730351659Z"
        }
    ]
}
References
Credits

Affected packages

npm / @saidddddddddd/somethingelse

Package

Name
@saidddddddddd/somethingelse
Purl
pkg:npm/%40saidddddddddd%2Fsomethingelse

Affected ranges

Affected versions

2.*
2.0.0

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "ffa8142b75b89a0388dcb0796eaf153513eed9451ffdc1169395598edc459c04",
            "tlsh": "f8b2b3017734c7bd2f0ecae396322e95f11e0f12605457b6602cfa6918d5a8beaed1b0",
            "path": "dist/0wj8nina9p.js"
        },
        {
            "sha256": "1c49597ad4bdd61d1f4220d1684f531200080d32361a97065c7391f6be2d880e",
            "tlsh": "1433c600a3a123b86ea74bfa623171e9e57f662e3c8c497af03c3d565ad0584d9fd530",
            "path": "dist/chunks/exv08g6z8l.js"
        },
        {
            "sha256": "89a6d808500184d7b289d72ae84a28014ecc260a0250a40acf77b687ff7a8a35",
            "tlsh": "2e91c950e3fa333b925a2bfbf0278158f3b946463a6c149ad10464567d54928cfd6e3c",
            "path": "dist/chunks/hh7bp28r2q.js"
        },
        {
            "sha256": "53f330a7b9e302fa1b05044c6dfa7e1de7ecd2993b92f961e6916b44148ed8e1",
            "tlsh": "5a23d721b3b0c6bd6e9b8ff7623291e8f42b170679402b51d01cfca52e55a83e9ed570",
            "path": "dist/chunks/sj1k9x8er5.js"
        },
        {
            "sha256": "c41ab6995a825e01aaa4915ae533fa8d2f82de99319813596e6003f303bf1ac4",
            "tlsh": "8f63a30e2bfb1174842370ab7f1f25216236805f7802d8a5bd9d5b942fea1350797fae",
            "path": "dist/core/i/chii/front_end/Tests.js"
        },
        {
            "sha256": "cc36728ffaaba9be7f5fcde3f5ba36abe0177471d6d41c129d6f9358eb916437",
            "tlsh": "4854f7533339543583a984ebe8a0776067212042b44390fdb86cdedf58dbd86737ab7a",
            "path": "dist/core/i/chii/front_end/panels/network/network.js"
        },
        {
            "sha256": "3d03afaddd42b3347455a4f0c02a96ed65e8be55d522e75071a9d55bb0d95075",
            "tlsh": "95957d5e625c37bb4bd201d8381f3606f2b8c914404dc8a0fea6ed99295968e317ff79",
            "path": "dist/core/i/chii/front_end/third_party/lighthouse/lighthouse-dt-bundle.js"
        },
        {
            "sha256": "669dd595254fcb4de39c0dc4f6c994c40fdd3bbaa5564157e2fddcb97260b56e",
            "tlsh": "e5d16501b2b5277e999f1fbb273590fcf1a5164bbc605c19d1d8ac7d3851729cad80b0",
            "path": "dist/g2gldlcg6a.js"
        },
        {
            "sha256": "82114569bbe59c80510b01e4dc2f9d019b44439c14fc3a3609124de2e888acee",
            "tlsh": "e2e1846373f033766a5f97f7e37f32e2d43a0d1a3946986a980c6c3009a9655e5f50b0",
            "path": "dist/k72k75nqjc.js"
        },
        {
            "sha256": "1c96c3d280c16db5a6f5f1e8077575bfb0b7e0c3abc6206ac14cbb019ba73f89",
            "tlsh": "d413a51077b4e77d2a1f8bebea3160d5e0311b02b401af6a95dcec0a2d66753d9ed4b0",
            "path": "dist/lzg6wv3g94.js"
        },
        {
            "sha256": "f025435936c7827ae4c82f628788e16f6519be3f5b554d34239258df2aaf9470",
            "tlsh": "ec52b41263b02b792dbb5bd7b926b6d1e02c04263e4649a9607db91e99f1900fbfc170",
            "path": "dist/mbzwtchywb.js"
        },
        {
            "sha256": "d5134b81ee28a0589959ae6f9da37b55aaa5bd125a64379201676dae5d3d1620",
            "tlsh": "29b29620e274973d6f8748a7b7318419e25a1651a98d9c1df0f8ac6dbfd2b14cbec1b0",
            "path": "dist/qqbh2u5u9j.js"
        },
        {
            "sha256": "b18cd88d7db477a11be4fab502863351d89e98136a58d8517f4007441758f07a",
            "tlsh": "8212da2473f4377e2a6b4be7a335b0d9e0772a0b7d40985ec00cbc653e56250eae54b5",
            "path": "dist/vzdg7whark.js"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-xfa/z5B98rNa+GLcsXqOnCbmkOXxG1GoIbLvwBtO7wI4j4Shzv5V1eE17ChHEw9rnswEPBjZvIlBD/HztFY6wg==",
                "sha1": "89cbb2ccd957dac996c7258f93b57127090ecdd3"
            },
            "filename": "somethingelse-2.0.0.tgz"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@saidddddddddd/somethingelse/MAL-2026-4430.json"