MAL-2024-12297

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/jupsolhelp/MAL-2024-12297.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-12297
Published
2024-08-10T16:25:59Z
Modified
2025-12-31T02:54:29.104722Z
Summary
Malicious code in jupsolhelp (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (1bc1615518392665ccc36d8c24a0e8e57ffce1147dfc8604c723513c28061743)

Once run, downloads and install from sleipnirbrowser[.]org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some kind of crypto tokens, and trying to impersonate a legitimate Slepnir web browser (https://en.wikipedia.org/wiki/Sleipnir_(web_browser)).

Later versions switched to install a software identified as LUMMA infostealer (e.g. https://tria.ge/240817-whze2aydkc), hidden in different executables


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-sleipnirbrowser-web3

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • dependency-confusion

  • crypto-related

  • modify-system-without-consent

  • impersonation

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "df6fc89f19417b2f9b4012e3bbf2dec9dd2b07197b110d88cb781b7e78af6cbe",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-08-10T16:25:59Z",
            "source": "kam193",
            "id": "pypi/2024-08-sleipnirbrowser-web3/jupsolhelp",
            "import_time": "2025-12-02T22:30:55.289120967Z"
        },
        {
            "sha256": "1bc1615518392665ccc36d8c24a0e8e57ffce1147dfc8604c723513c28061743",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-08-10T16:25:59Z",
            "source": "kam193",
            "id": "pypi/2024-08-sleipnirbrowser-web3/jupsolhelp",
            "import_time": "2025-12-02T23:07:18.313341901Z"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.2",
                "0.1.1",
                "0.1.3"
            ],
            "sha256": "34f8998e5d39bd92bd5c97b2ed9d0074614ff0eae272117032b781f53885c6c2",
            "modified_time": "2024-08-10T16:25:59Z",
            "source": "kam193",
            "id": "pypi/2024-08-sleipnirbrowser-web3/jupsolhelp",
            "import_time": "2025-12-10T21:38:57.558519848Z"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.1.2",
                "0.1.3"
            ],
            "sha256": "68aa89d5dcbf47ece9a2cd4653811a12eaf3590c6268b096aeebb85b87266c98",
            "modified_time": "2024-08-10T16:25:59Z",
            "source": "kam193",
            "id": "pypi/2024-08-sleipnirbrowser-web3/jupsolhelp",
            "import_time": "2025-12-30T22:39:04.110936853Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://sleipnirbrowser.org/api/python/14526470/win",
            "https://sleipnirbrowser.org/api/python/79D83767/mac",
            "https://sleipnirbrowser.org/api/python/79D83767/win"
        ],
        "domains": [
            "sleipnirbrowser.org"
        ]
    }
}
References
Credits

Affected packages

PyPI / jupsolhelp

Package

Affected ranges

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/jupsolhelp/MAL-2024-12297.json"