MAL-2024-12275

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/genz-translator/MAL-2024-12275.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-12275
Published
2024-12-03T18:03:25Z
Modified
2025-12-31T02:53:51.233825Z
Summary
Malicious code in genz-translator (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9)

Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for internal use.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-genz-translator

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "iocs": {
        "domains": [
            "covenant.thinkgreencorp.net",
            "servers.genzrulez.com"
        ]
    }
}

Affected packages

PyPI / genz-translator

Affected versions

9000.*
9000.0.1
9001.*
9001.0.1
9002.*
9002.0.1
9003.*
9003.0.1
9004.*
9004.0.1
9005.*
9005.0.1
9006.*
9006.0.1
9007.*
9007.0.1
9008.*
9008.0.1
9009.*
9009.0.1
9010.*
9010.0.1
9011.*
9011.0.1
9012.*
9012.0.1
9013.*
9013.0.1
9014.*
9014.0.1
9015.*
9015.0.1
9016.*
9016.0.1
9017.*
9017.0.1
9018.*
9018.0.1
9019.*
9019.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/genz-translator/MAL-2024-12275.json"