MAL-2024-11741
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/useregent-generator/MAL-2024-11741.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-11741
- Published
- 2024-10-07T22:16:18Z
- Modified
- 2026-03-19T12:58:01.295777Z
- Summary
- Malicious code in useregent-generator (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (f0c8bbc66c2a8384b2a35340f4e3204351fbeb78d88a11bec270f8e3e52b5636)
Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code, exfiltrate TXT files and finally installs infostealers - Lumma and a custom one. Arround L110
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-10-fake-usreagent
Reasons (based on the campaign):
infostealer
files-exfiltration
clipboard-stealing
obfuscation
clones-real-package
action-hidden-in-lib-usage
- Database specific
{ "iocs": { "domains": [ "ethscanold.com", "crypto-api.net" ], "urls": [ "https://ethscanold.com/ex_ewq1/2e.exe", "https://ethscanold.com/ex_ewq1/cdr2.exe", "https://ethscanold.com/r.php" ] }, "malicious-packages-origins": [ { "id": "RLMA-2024-11202", "sha256": "1dc2a3f3e1dfda0cca42b2a0d5dd9f5f89c9f62f98225049dcc25db6ca079336", "source": "reversing-labs", "versions": [ "1.6.5" ], "modified_time": "2024-12-09T06:51:25Z", "import_time": "2024-12-09T14:38:50.765508127Z" }, { "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "id": "pypi/2024-10-fake-usreagent/useregent-generator", "sha256": "86aca124212af00c9576471eba0b3842cdeab589089ccada90890b283400d465", "source": "kam193", "modified_time": "2024-10-07T22:16:18Z", "import_time": "2025-12-02T22:30:55.696387646Z" }, { "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "id": "pypi/2024-10-fake-usreagent/useregent-generator", "sha256": "f0c8bbc66c2a8384b2a35340f4e3204351fbeb78d88a11bec270f8e3e52b5636", "source": "kam193", "modified_time": "2024-10-07T22:16:18Z", "import_time": "2025-12-02T23:07:18.741749134Z" }, { "id": "pypi/2024-10-fake-usreagent/useregent-generator", "sha256": "55e728d0612d4dbdba8f0dbd916f3fdc2f617652af191d024bef18036ce3366c", "source": "kam193", "versions": [ "1.6.5" ], "modified_time": "2024-10-07T22:16:18Z", "import_time": "2025-12-10T21:38:57.916514307Z" }, { "id": "RLUA-2026-00877", "sha256": "115547d162414af6a7357adfe733e0e795f3f345b506119ff5e59082324d09bf", "source": "reversing-labs", "modified_time": "2026-03-18T12:20:03Z", "import_time": "2026-03-19T12:20:39.27387197Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / useregent-generator
Package
- Name
- useregent-generator
- View open source insights on deps.dev
- Purl
- pkg:pypi/useregent-generator