MAL-2024-10241

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/youreallydontwantthispackage2131/MAL-2024-10241.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-10241

Published

2024-10-22T13:55:39Z

Modified

2025-12-12T20:41:26.597233Z

Summary

Malicious code in youreallydontwantthispackage2131 (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (8bca93b1825c930118e85cc054305e6aef120080f8cc68233467eb6ee7b3ff1d)

Installing the package attempts to exfiltrate GCP tokens. As it uses a random names and/or targets specific accounts, it's most probably a (pen)test.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-10-gal32fjdsbf89hnd-gcp-token

Reasons (based on the campaign):

exfiltration-cloud-tokens

Source: ossf-package-analysis (287818178d5bd4e83a85547242db772b2e39cbcc17038f0a01da63f787d510b9)

The OpenSSF Package Analysis project identified 'youreallydontwantthispackage2131' @ 1.0.1 (pypi) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "287818178d5bd4e83a85547242db772b2e39cbcc17038f0a01da63f787d510b9",
            "source": "ossf-package-analysis",
            "import_time": "2024-10-28T09:35:46.295040856Z",
            "modified_time": "2024-10-28T09:18:02Z",
            "versions": [
                "1.0.1"
            ]
        },
        {
            "sha256": "fd68729e22ccdbb007d2100a3623bff161349d465e0786824c041e034e1c78e1",
            "source": "ossf-package-analysis",
            "import_time": "2024-10-28T09:35:46.211988066Z",
            "modified_time": "2024-10-28T09:07:33Z",
            "versions": [
                "1"
            ]
        },
        {
            "sha256": "59a625d21a28cbccdc17039b309f3ff2765e7b424c297645f576bd457e8a7a56",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:56.520055729Z",
            "modified_time": "2024-10-22T13:55:39Z",
            "id": "pypi/2024-10-gal32fjdsbf89hnd-gcp-token/youreallydontwantthispackage2131",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ]
        },
        {
            "sha256": "8bca93b1825c930118e85cc054305e6aef120080f8cc68233467eb6ee7b3ff1d",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:19.703651661Z",
            "modified_time": "2024-10-22T13:55:39Z",
            "id": "pypi/2024-10-gal32fjdsbf89hnd-gcp-token/youreallydontwantthispackage2131",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ]
        },
        {
            "sha256": "b32a46c1e994df774a402331725f1ba097b17029b1e907e2964de4cade1e2e55",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:58.789757855Z",
            "modified_time": "2024-10-22T13:55:39Z",
            "id": "pypi/2024-10-gal32fjdsbf89hnd-gcp-token/youreallydontwantthispackage2131",
            "versions": [
                "1.0.1",
                "1"
            ]
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/youreallydontwantthispackage2131

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

PyPI / youreallydontwantthispackage2131

Package

Name: youreallydontwantthispackage2131; View open source insights on deps.dev
Purl: pkg:pypi/youreallydontwantthispackage2131

MAL-2024-10241

Source: kam193 (8bca93b1825c930118e85cc054305e6aef120080f8cc68233467eb6ee7b3ff1d)

Source: ossf-package-analysis (287818178d5bd4e83a85547242db772b2e39cbcc17038f0a01da63f787d510b9)

Affected packages

PyPI / youreallydontwantthispackage2131

Package

Affected ranges

Affected versions

Other

1.*