MAL-2024-12308

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/my-main-manager/MAL-2024-12308.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-12308

Published

2024-12-01T16:55:36Z

Modified

2025-12-31T02:55:51.508319Z

Summary

Malicious code in my-main-manager (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282)

While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. The package only supports installing it

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-BetterMint

Reasons (based on the campaign):

infostealer
exfiltration-generic
Downloads and executes a remote executable.
keylogger
exfiltration-browser-data
The package contains code to detect if it is running in a sandbox environment.

Database specific

{
    "iocs": {
        "urls": [
            "https://github.com/yesjdnke/manager/releases/download/love/system_service.exe"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "pypi/2024-12-BetterMint/my-main-manager",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:55.351681287Z",
            "sha256": "6cf283fd067a322016531d1b62f6d9cb1446f30846bd27d92690685905477dea",
            "source": "kam193",
            "modified_time": "2024-12-01T16:55:36Z"
        },
        {
            "id": "pypi/2024-12-BetterMint/my-main-manager",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:18.382740315Z",
            "sha256": "ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282",
            "source": "kam193",
            "modified_time": "2024-12-01T16:55:36Z"
        },
        {
            "id": "pypi/2024-12-BetterMint/my-main-manager",
            "import_time": "2025-12-10T21:38:57.605373447Z",
            "sha256": "85a87f7b4ddd614e1fc5984e1520b2ee6317d858b231d530128a704bd4855a0e",
            "source": "kam193",
            "modified_time": "2024-12-01T16:55:36Z",
            "versions": [
                "1.0.9",
                "1.0.8",
                "1.0.11",
                "1.0.12"
            ]
        },
        {
            "id": "pypi/2024-12-BetterMint/my-main-manager",
            "import_time": "2025-12-30T22:39:04.133248871Z",
            "sha256": "cdd40bca92cb39552b44ba5cf6ceb906f25a3783c7a7035fe7e9b401fc766ff5",
            "source": "kam193",
            "modified_time": "2024-12-01T16:55:36Z",
            "versions": [
                "1.0.8",
                "1.0.9",
                "1.0.11",
                "1.0.12"
            ]
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / my-main-manager

Package

Name: my-main-manager; View open source insights on deps.dev
Purl: pkg:pypi/my-main-manager

Affected ranges

Affected versions

1.*

1.0.8

1.0.9

1.0.11

1.0.12

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/my-main-manager/MAL-2024-12308.json"