MAL-2024-9944

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/asciidrawing/MAL-2024-9944.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-9944
Published
2024-09-20T10:55:48Z
Modified
2025-12-12T20:35:35.068017Z
Summary
Malicious code in asciidrawing (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (633d53a1b6bcde673f71f2788cc6c268f7eef20552eb7a0dc3f533f6a9a7ad12)

During installation, a Discord webhook is used to exfiltrate basic data. The package seems to attempt to impersonate the "asciidraw" package (some files and the description in setup.py are copied).

The other package, pdf2doc, as well as time correlation suggests the uploader is related to the 2024-09-bondonioanderas-cryptominer campaign as well.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-09-sampleuser123-asciidrawing

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • impersonation

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • clones-real-package

  • dependency-confusion

Source: ossf-package-analysis (2dd9ac0d2ef9e9bb84011c475ec24faabed0759dfceb9385fc5904e42f045029)

The OpenSSF Package Analysis project identified 'asciidrawing' @ 0.1.2 (pypi) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2024-10-24T00:56:53.525725666Z",
            "modified_time": "2024-10-16T14:36:30Z",
            "source": "reversing-labs",
            "sha256": "24cf3acf1b2bea67c15883ad235855bc9cb0687b5e61819c83ac73c5e0a6f3ac",
            "id": "RLMA-2024-07834",
            "versions": [
                "0.1.1",
                "0.1.2"
            ]
        },
        {
            "import_time": "2025-02-10T05:35:46.793224951Z",
            "modified_time": "2024-09-20T10:55:48Z",
            "source": "ossf-package-analysis",
            "sha256": "2dd9ac0d2ef9e9bb84011c475ec24faabed0759dfceb9385fc5904e42f045029",
            "versions": [
                "0.1.2"
            ]
        },
        {
            "import_time": "2025-12-02T22:30:54.94194375Z",
            "modified_time": "2024-09-20T11:42:29Z",
            "source": "kam193",
            "sha256": "d2a9162ee0759b5f5b7e19384bd2b1f13aa36214797e4a099d6960ea0da4f7a7",
            "id": "pypi/2024-09-sampleuser123-asciidrawing/asciidrawing",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ]
        },
        {
            "import_time": "2025-12-02T23:07:17.981260308Z",
            "modified_time": "2024-09-20T11:42:29Z",
            "source": "kam193",
            "sha256": "633d53a1b6bcde673f71f2788cc6c268f7eef20552eb7a0dc3f533f6a9a7ad12",
            "id": "pypi/2024-09-sampleuser123-asciidrawing/asciidrawing",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ]
        },
        {
            "import_time": "2025-12-10T21:38:57.286766663Z",
            "modified_time": "2024-09-20T11:42:29Z",
            "source": "kam193",
            "sha256": "4a33f450171fccce762c65b1ed1296012b4dbdf92c1507c5ad07957c43ca7d50",
            "id": "pypi/2024-09-sampleuser123-asciidrawing/asciidrawing",
            "versions": [
                "0.1.2"
            ]
        }
    ]
}

Affected packages

PyPI / asciidrawing

Affected versions

0.*
0.1.1
0.1.2

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/asciidrawing/MAL-2024-9944.json"