MAL-2024-11522

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/alfooou/MAL-2024-11522.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11522
Published
2024-10-03T15:11:09Z
Modified
2026-03-19T12:50:06.587383Z
Summary
Malicious code in alfooou (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (5bb42c1e46cc4a000429770c7e316646bab8170a9f1191e3f196a4f05a65605f)

Running the module triggers obfuscated code that downloads a DLL containing a reverse shell and injects it into a benign process.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-10-alfooou

Reasons (based on the campaign):

  • backdoor

  • obfuscation

Database specific
{
    "iocs": {
        "urls": [
            "http://ec2-3-84-149-132.compute-1.amazonaws.com:3232/windows_dll"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "RLMA-2024-10965",
            "import_time": "2024-12-09T14:38:40.545785905Z",
            "sha256": "094300ca57214363c875154455ee09909af1a73611e5abe001693c03c701bbcf",
            "source": "reversing-labs",
            "modified_time": "2024-12-09T06:49:44Z",
            "versions": [
                "1.0.0",
                "1.0.1",
                "1.0.2",
                "1.0.4"
            ]
        },
        {
            "id": "pypi/2024-10-alfooou/alfooou",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:54.896207845Z",
            "sha256": "772fb60c21778086bc9508f874dba7509467cada06e135fa8167be8037a7573b",
            "source": "kam193",
            "modified_time": "2024-10-03T15:11:09Z"
        },
        {
            "id": "pypi/2024-10-alfooou/alfooou",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:17.940024049Z",
            "sha256": "5bb42c1e46cc4a000429770c7e316646bab8170a9f1191e3f196a4f05a65605f",
            "source": "kam193",
            "modified_time": "2024-10-03T15:11:09Z"
        },
        {
            "id": "pypi/2024-10-alfooou/alfooou",
            "import_time": "2025-12-10T21:38:57.246819408Z",
            "sha256": "8ee2f9727c8172c3183bccd30aff7f6ef6af934a16db0b5a5ea3d710e28c213d",
            "source": "kam193",
            "modified_time": "2024-10-03T15:11:09Z",
            "versions": [
                "1.0.0",
                "1.0.2",
                "1.0.1",
                "1.0.4"
            ]
        },
        {
            "id": "pypi/2024-10-alfooou/alfooou",
            "import_time": "2025-12-30T22:39:04.029658989Z",
            "sha256": "eed169b6cdcb77b8d45d9993928ec2ad30c34650aeef4bb18ae8e2f93b23b787",
            "source": "kam193",
            "modified_time": "2024-10-03T15:11:09Z",
            "versions": [
                "1.0.0",
                "1.0.1",
                "1.0.2",
                "1.0.4"
            ]
        },
        {
            "id": "RLUA-2026-00054",
            "import_time": "2026-03-19T12:19:21.679046588Z",
            "sha256": "c1acf64b709e06ebdf6de9db6478e491f1ba7760ffa956cd39db0983d9e12a07",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:10:54Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / alfooou

Package

Affected ranges

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.4

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/alfooou/MAL-2024-11522.json"