-= Per source details. Do not edit below this line.=-
Installing the package attempts to exfiltrate GCP tokens. As it uses a random names and/or targets specific accounts, it's most probably a (pen)test.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2024-10-gal32fjdsbf89hnd-gcp-token
Reasons (based on the campaign):
{
"malicious-packages-origins": [
{
"versions": [
"1"
],
"sha256": "c493c8a2a17805e485a28fff3ad823f4edf63ef77104e1d4e772085dccc15001",
"modified_time": "2024-12-09T06:50:17Z",
"source": "reversing-labs",
"id": "RLMA-2024-11047",
"import_time": "2024-12-09T14:38:43.918422913Z"
},
{
"sha256": "c391b41e9ea140e884922c2ea915a321d2896acb982e1ee624659ed51ee0e342",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-10-22T13:55:39Z",
"source": "kam193",
"id": "pypi/2024-10-gal32fjdsbf89hnd-gcp-token/fidnffvvbfhghghhhh",
"import_time": "2025-12-02T22:30:56.044096946Z"
},
{
"sha256": "53e1b3f1fc19bbc10acfd813b8839f3831cc7624906c54a8ea4ca6a2d2706877",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-10-22T13:55:39Z",
"source": "kam193",
"id": "pypi/2024-10-gal32fjdsbf89hnd-gcp-token/fidnffvvbfhghghhhh",
"import_time": "2025-12-02T23:07:19.23547245Z"
},
{
"versions": [
"1"
],
"sha256": "b5bad1ff673c0086337a4ced5b66c046ee5f39ad5eab4c879a3e03a7ef6c1128",
"modified_time": "2024-10-22T13:55:39Z",
"source": "kam193",
"id": "pypi/2024-10-gal32fjdsbf89hnd-gcp-token/fidnffvvbfhghghhhh",
"import_time": "2025-12-10T21:38:58.37987038Z"
},
{
"sha256": "f7f1dca84b7fff020c6d7f2f7af85d8cdea754c7f5587aeb1999769117923408",
"modified_time": "2026-03-18T12:13:51Z",
"source": "reversing-labs",
"id": "RLUA-2026-00323",
"import_time": "2026-03-19T12:19:45.534547493Z"
}
]
}