-= Per source details. Do not edit below this line.=-
bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname(), os.userInfo(), and process.platform. The file also imports child_process and reads from the filesystem (fs.existsSync / fs.readFileSync) alongside the network exfiltration primitive. The destination is an attacker-operated Telegram bot, used as an exfiltration channel to siphon installer host identity and likely credential/wallet material from disk. The package name impersonates a Solana MEV trading utility to lure crypto users into running it.
{
  "malicious-packages-origins": [
    {
      "id": "IN-MAL-2026-006744",
      "import_time": "2026-06-16T03:49:20.111243144Z",
      "source": "amazon-inspector",
      "versions": [
        "1.0.0"
      ],
      "modified_time": "2026-06-16T03:00:10Z",
      "sha256": "e65516d3e042858742ebfee878ff2de6361994ce0155dcbf53c8e0f24cd5fafb"
    }
  ]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/solana-mev-bot/MAL-2026-5861.json"
[
  {
    "name": "Embedded Malicious Code",
    "description": "The product contains code that appears to be malicious in nature.",
    "cweId": "CWE-506"
  }
]
{
  "package_integrity": [
    {
      "filename": "solana-mev-bot-1.0.0.tgz",
      "hashes": {
        "sha1": "2ec4f70010359d3e333fb7e05c6fbf2020a59c0e",
        "sha512_sri": "sha512-jjVZDLDfs2dxwoejSK45GIfoMAC6yWCnythKJdPdtMBDhe2AlRhCK1YaBi396AjL5eI6YIJvMfE8rBqHWtbTgQ=="
      }
    }
  ],
  "evidence_files": [
    {
      "path": "bot.js",
      "sha256": "a3ebeaf11b3c1efde4a7956c0c8bd47a29726c15e825d5a46f2bde2ded3875e9",
      "tlsh": "bea184506efb623430f76cea9fb71c02251be603f900d994758d87d24fba128de129ad"
    }
  ]
}