MAL-2024-11536
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bitforger/MAL-2024-11536.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-11536
- Published
- 2024-09-28T09:22:43Z
- Modified
- 2026-03-19T12:51:10.061904Z
- Summary
- Malicious code in bitforger (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (9dff60a2be2c253f919aae6a6724cd140df2a3ca9bdcca9e637ea74bc987ac0f)
When running the module, this package attempts - depending on the version - to exfiltrate user files, a screenshot, or crypto wallets data (8.1.4).
Later continued under different package names.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-09-bitbit
Reasons (based on the campaign):
files-exfiltration
crypto-related
- Database specific
{ "iocs": { "urls": [ "https://raw.githubusercontent.com/skibiditoiletfan1123/someting23/refs/heads/main/fishrelease.pyw", "https://github.com/skibiditoiletfan1123/someting23" ] }, "malicious-packages-origins": [ { "import_time": "2024-12-09T14:38:41.158296874Z", "versions": [ "0", "0.1.0", "1.1.2", "1.1.3", "2.3.4", "2.3.5", "5.1", "5.1.4", "6.1.2", "8.1" ], "source": "reversing-labs", "id": "RLMA-2024-10981", "modified_time": "2024-12-09T06:49:50Z", "sha256": "87a11094f7b45e601e1a3832288695a1c8974868bffef13c2dedb55f33f74e16" }, { "import_time": "2025-12-02T22:30:54.996863084Z", "sha256": "8b428db04dbf710c24a731141654e1114f3d8d2ac8b2017b1bf56d2a7da5ae1f", "source": "kam193", "id": "pypi/2024-09-bitbit/bitforger", "modified_time": "2024-09-28T09:22:43Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "import_time": "2025-12-02T23:07:18.026924244Z", "sha256": "9dff60a2be2c253f919aae6a6724cd140df2a3ca9bdcca9e637ea74bc987ac0f", "source": "kam193", "id": "pypi/2024-09-bitbit/bitforger", "modified_time": "2024-09-28T09:22:43Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "import_time": "2025-12-10T21:38:57.320962162Z", "versions": [ "0.0", "0.1.0", "2.3.4", "1.1.2", "1.1.3" ], "source": "kam193", "id": "pypi/2024-09-bitbit/bitforger", "modified_time": "2024-09-28T09:22:43Z", "sha256": "27e4076848e0ef04dd12dd6a9c3a503b141bcf249313b814f5365b52a750057a" }, { "import_time": "2025-12-30T22:39:04.050410355Z", "versions": [ "0.0", "0.1.0", "1.1.2", "1.1.3", "2.3.4" ], "source": "kam193", "id": "pypi/2024-09-bitbit/bitforger", "modified_time": "2024-09-28T09:22:43Z", "sha256": "f97ede4616ee9fd0bf4ab4bba9dd44920e5c394c6591e1bfffd6ee73cf95a9e9" }, { "import_time": "2026-03-19T12:19:29.5343461Z", "source": "reversing-labs", "id": "RLUA-2026-00149", "modified_time": "2026-03-18T12:11:56Z", "sha256": "50f6baf1663a03e7fc7fe94b90e7c0f526441c9ff365100d3717b597739315ad" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / bitforger
Package
- Name
- bitforger
- View open source insights on deps.dev
- Purl
- pkg:pypi/bitforger