MAL-2024-10419

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/macque/MAL-2024-10419.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-10419

Published

2024-11-06T08:21:37Z

Modified

2025-12-03T00:26:37.719335Z

Summary

Malicious code in macque (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (0c5b7e592df550c15596a2c2f3b9d24c5ccacaec22351ccb8048a7aa16997590)

A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the username to the package author. There is no other purpose of the package.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-11-byted-dast

Reasons (based on the campaign):

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
typosquatting
dependency-confusion

Source: ossf-package-analysis (15a5fa48a919f6629ee7d7f5ba6ce4075221700b4ba28e3f24438868a20d53a3)

The OpenSSF Package Analysis project identified 'macque' @ 99.7 (pypi) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Database specific

{
    "iocs": {
        "domains": [
            "byted-dast.com"
        ]
    },
    "malicious-packages-origins": [
        {
            "modified_time": "2024-11-06T08:21:37Z",
            "versions": [
                "99.7"
            ],
            "source": "ossf-package-analysis",
            "sha256": "15a5fa48a919f6629ee7d7f5ba6ce4075221700b4ba28e3f24438868a20d53a3",
            "import_time": "2024-11-06T08:37:40.232721444Z"
        },
        {
            "modified_time": "2024-11-06T18:46:10Z",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "sha256": "864a6361170b2f930d8458f74e4294170466f85a04b6482e183bba38b4d4ece1",
            "source": "kam193",
            "id": "pypi/2024-11-byted-dast/macque",
            "import_time": "2025-12-02T22:30:56.185407237Z"
        },
        {
            "modified_time": "2024-11-06T18:46:10Z",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "sha256": "0c5b7e592df550c15596a2c2f3b9d24c5ccacaec22351ccb8048a7aa16997590",
            "source": "kam193",
            "id": "pypi/2024-11-byted-dast/macque",
            "import_time": "2025-12-02T23:07:19.367328823Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/macque

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

PyPI / macque

Package

Name: macque; View open source insights on deps.dev
Purl: pkg:pypi/macque

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

99.*

99.7