MAL-2024-11716

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sunrequests/MAL-2024-11716.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-11716

Published

2024-09-26T08:43:05Z

Modified

2026-03-19T12:57:09.623205Z

Summary

Malicious code in sunrequests (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (314b140727c2d65586134b9e2722bdbba66be25e0f391d1b886cc08824783c63)

Running the module starts an infostealer attempting to exfiltrate credentials from webbrowsers

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-09-sunrequests

Reasons (based on the campaign):

infostealer
A Telegram webhook is used to send collected data.
dependency-confusion

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-12-09T06:51:15Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "57dac716ea0a53f73a2a35f4c60a8981b3d2cdcc8f39ff53c9b33ddaaeb4b696",
            "id": "RLMA-2024-11175",
            "source": "reversing-labs",
            "import_time": "2024-12-09T14:38:49.555534004Z"
        },
        {
            "modified_time": "2024-09-26T08:43:05Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "d3265a4b941339c7a8b35ce5b7f92d3362821768e3f455672751bcfcabbfefe6",
            "id": "pypi/2024-09-sunrequests/sunrequests",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:55.615716753Z"
        },
        {
            "modified_time": "2024-09-26T08:43:05Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "314b140727c2d65586134b9e2722bdbba66be25e0f391d1b886cc08824783c63",
            "id": "pypi/2024-09-sunrequests/sunrequests",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:18.656013832Z"
        },
        {
            "modified_time": "2024-09-26T08:43:05Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "00d84a989222c1beecdac2915f0d237ac14da98e88f3bd49a10dbfd8e17dcdd3",
            "id": "pypi/2024-09-sunrequests/sunrequests",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:57.846125628Z"
        },
        {
            "modified_time": "2026-03-18T12:19:07Z",
            "sha256": "284ba1536b4e30f17a9b531eba746983ae6e240f2fd3146c07898491229506b7",
            "id": "RLUA-2026-00787",
            "source": "reversing-labs",
            "import_time": "2026-03-19T12:20:30.415080281Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/sunrequests

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / sunrequests

Package

Name: sunrequests; View open source insights on deps.dev
Purl: pkg:pypi/sunrequests

Affected ranges

Affected versions

0.*

0.0.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sunrequests/MAL-2024-11716.json"