MAL-2024-11577

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordmessager/MAL-2024-11577.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11577
Published
2024-10-13T09:30:47Z
Modified
2026-03-19T12:52:40.845721Z
Summary
Malicious code in discordmessager (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (119a7015f090394365981291b03c6f5855b4dfd33da674c238c0c4323063a32a)

During installation, a remote, highly obfuscated script is downloaded and executed.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-10-discordmessager

Reasons (based on the campaign):

  • obfuscation

  • dependency-confusion

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1",
                "0.2",
                "0.3"
            ],
            "sha256": "95655f832409bc19cc0576c0267f59bb1edf5e2db7ccca0afa50990c5c0d6059",
            "modified_time": "2024-12-09T06:50:08Z",
            "source": "reversing-labs",
            "id": "RLMA-2024-11026",
            "import_time": "2024-12-09T14:38:43.201801172Z"
        },
        {
            "sha256": "9b0c51e214522a846c042380fb38951d1777affc0582a692da5a15f88537afa3",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-10-13T09:30:47Z",
            "source": "kam193",
            "id": "pypi/2024-10-discordmessager/discordmessager",
            "import_time": "2025-12-02T22:30:55.108808079Z"
        },
        {
            "sha256": "119a7015f090394365981291b03c6f5855b4dfd33da674c238c0c4323063a32a",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-10-13T09:30:47Z",
            "source": "kam193",
            "id": "pypi/2024-10-discordmessager/discordmessager",
            "import_time": "2025-12-02T23:07:18.120133499Z"
        },
        {
            "versions": [
                "0.3",
                "0.1",
                "0.2"
            ],
            "sha256": "a15f5978673e708d1de9f11f1aa83b816fe1655a189e1b4ca48af217836edab8",
            "modified_time": "2024-10-13T09:30:47Z",
            "source": "kam193",
            "id": "pypi/2024-10-discordmessager/discordmessager",
            "import_time": "2025-12-10T21:38:57.404579568Z"
        },
        {
            "versions": [
                "0.1",
                "0.2",
                "0.3"
            ],
            "sha256": "e48f0626dc6edb013809a09db00d4cb8d9abcce52089be43da8e53811d9c05e0",
            "modified_time": "2024-10-13T09:30:47Z",
            "source": "kam193",
            "id": "pypi/2024-10-discordmessager/discordmessager",
            "import_time": "2025-12-30T22:39:04.073669298Z"
        },
        {
            "sha256": "e2494bb5f70e8f5e58d154b7b326bed57bc7ba5d2e0185b30840462f635cd79e",
            "modified_time": "2026-03-18T12:13:19Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00273",
            "import_time": "2026-03-19T12:19:40.917965154Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://www.dropbox.com/scl/fi/vckgtlr6pq92uspoj3bku/634364.pyw?rlkey=w2st1zif9lbd4oxz44utimsuv&st=ptdwmi5d&dl=1"
        ]
    }
}
References
Credits

Affected packages

PyPI / discordmessager

Package

Affected ranges

Affected versions

0.*
0.1
0.2
0.3

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordmessager/MAL-2024-11577.json"