MAL-2024-11712
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spider-ai/MAL-2024-11712.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-11712
- Published
- 2024-10-02T09:16:00Z
- Modified
- 2026-03-19T12:57:02.113303Z
- Summary
- Malicious code in spider-ai (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (aaeb144e288d0288f6013d64f0e9e57164e5c3eded3924fd2282577b59c28f1a)
Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is not mentioned in the package description. Instead, the description lures to offer advanced features.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-09-spider-ai
Reasons (based on the campaign):
exfiltration-generic
A Telegram webhook is used to send collected data.
action-hidden-in-lib-usage
- Database specific
{ "iocs": { "domains": [ "01d73592-4d64-43f7-b664-ecd679686756-00-30a5f50srzeko.janeway.replit.dev" ] }, "malicious-packages-origins": [ { "source": "reversing-labs", "id": "RLMA-2024-11170", "modified_time": "2024-12-09T06:51:12Z", "sha256": "b6044e2088bfccda6a25000a9147c5ee04bdc85b41f6892dffd21d4712a52c9a", "versions": [ "0.1", "0.2", "0.3" ], "import_time": "2024-12-09T14:38:49.350728416Z" }, { "source": "kam193", "id": "pypi/2024-09-spider-ai/spider-ai", "modified_time": "2024-10-02T09:16:00Z", "sha256": "78594d424d08bb8ed6403dbf803ae8a366d7632b1b3e2f8c06ccd2b2a3fcd528", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:55.606633378Z" }, { "source": "kam193", "id": "pypi/2024-09-spider-ai/spider-ai", "modified_time": "2024-10-02T09:16:00Z", "sha256": "aaeb144e288d0288f6013d64f0e9e57164e5c3eded3924fd2282577b59c28f1a", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:18.64632273Z" }, { "source": "kam193", "id": "pypi/2024-09-spider-ai/spider-ai", "modified_time": "2024-10-02T09:16:00Z", "sha256": "fdebde4ac8f6a4c71147ea096292f248a48ded6a1a0acb428ae7b2d6e6e0b6ec", "versions": [ "0.1", "0.3", "1.1", "1.0", "0.4" ], "import_time": "2025-12-10T21:38:57.836186941Z" }, { "source": "kam193", "id": "pypi/2024-09-spider-ai/spider-ai", "modified_time": "2024-10-02T09:16:00Z", "sha256": "285e152d1207273a83ab3dfe450adee76419556042defd9de2fd2ab48a5f5419", "versions": [ "0.1", "0.3", "0.4", "1.0", "1.1" ], "import_time": "2025-12-30T22:39:04.183346551Z" }, { "source": "reversing-labs", "id": "RLUA-2026-00775", "modified_time": "2026-03-18T12:18:59Z", "sha256": "2c8810dd75efaab9b1c502941ae8b2ce5b66bcb1ad5a5cf45cd23fc2d561693c", "import_time": "2026-03-19T12:20:29.282120511Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / spider-ai
Package
- Name
- spider-ai
- View open source insights on deps.dev
- Purl
- pkg:pypi/spider-ai