MAL-2024-12293
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/juphelp/MAL-2024-12293.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-12293
- Published
- 2024-08-10T16:25:59Z
- Modified
- 2025-12-12T20:38:05.936682Z
- Summary
- Malicious code in juphelp (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (11cd911a4d43440f44f1eadb92d5d8deda2dc85af9e4a5cf9b99e90918ffad07)
Once run, downloads and install from sleipnirbrowser[.]org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some kind of crypto tokens, and trying to impersonate a legitimate Slepnir web browser (https://en.wikipedia.org/wiki/Sleipnir_(web_browser)).
Later versions switched to install a software identified as LUMMA infostealer (e.g. https://tria.ge/240817-whze2aydkc), hidden in different executables
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-08-sleipnirbrowser-web3
Reasons (based on the campaign):
Downloads and executes a remote executable.
dependency-confusion
crypto-related
modify-system-without-consent
impersonation
- Database specific
{ "iocs": { "urls": [ "https://sleipnirbrowser.org/api/python/14526470/win", "https://sleipnirbrowser.org/api/python/79D83767/mac", "https://sleipnirbrowser.org/api/python/79D83767/win" ], "domains": [ "sleipnirbrowser.org" ] }, "malicious-packages-origins": [ { "id": "pypi/2024-08-sleipnirbrowser-web3/juphelp", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:55.284047466Z", "sha256": "08e4d91a0927681aeb85d052531c0e1943924f1cdc0d5dc72988a4a57a811267", "source": "kam193", "modified_time": "2024-08-10T16:25:59Z" }, { "id": "pypi/2024-08-sleipnirbrowser-web3/juphelp", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:18.307980898Z", "sha256": "11cd911a4d43440f44f1eadb92d5d8deda2dc85af9e4a5cf9b99e90918ffad07", "source": "kam193", "modified_time": "2024-08-10T16:25:59Z" }, { "id": "pypi/2024-08-sleipnirbrowser-web3/juphelp", "import_time": "2025-12-10T21:38:57.552729614Z", "sha256": "7c1c7412f1dad777d6f003f5560ac9fd09aa0cc3cb4e6987cbbbe395a6586b37", "source": "kam193", "modified_time": "2024-08-10T16:25:59Z", "versions": [ "0.1.0" ] } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
Affected packages
PyPI / juphelp
Package
- Name
- juphelp
- View open source insights on deps.dev
- Purl
- pkg:pypi/juphelp