MAL-2026-10617

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cosmos-cuda/MAL-2026-10617.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10617
Published
2026-07-14T20:02:31Z
Modified
2026-07-15T05:20:20.148264200Z
Summary
Malicious code in cosmos-cuda (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee)

The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function _beacon('build') from setup.py during sdist build/install and _beacon('import') from cosmos_cuda/init.py at import. Both code paths collect the installer's hostname, current username, and current working directory, then transmit them to the hardcoded external host oob.asyncrun.in via a DNS lookup of a crafted FQDN (socket.getaddrinfo) and via an HTTPS/HTTP GET request (urllib.request.urlopen). The package ships only as an sdist and uses version 9999.0.0 so that pip's highest-version resolution selects it when a name collision exists against an internal package resolved through --extra-index-url, forcing setup.py execution during install and producing arbitrary code execution and exfiltration on installers whose environment resolves the name.

Source: kam193 (bd8651969d2a82aa0c96bae9bce8bffaa3053dc4093fcafc614f7cda24b19542)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "kam193",
            "versions": [
                "9999.0.0",
                "9999.0.1"
            ],
            "sha256": "bd8651969d2a82aa0c96bae9bce8bffaa3053dc4093fcafc614f7cda24b19542",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/cosmos-cuda",
            "modified_time": "2026-07-14T20:08:17.123967Z",
            "import_time": "2026-07-14T20:28:26.768636157Z"
        },
        {
            "id": "IN-MAL-2026-010570",
            "versions": [
                "9999.0.0"
            ],
            "modified_time": "2026-07-14T21:33:45Z",
            "source": "amazon-inspector",
            "sha256": "c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee",
            "import_time": "2026-07-14T21:49:53.062805453Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / cosmos-cuda

Package

Affected ranges

Affected versions

9999.*
9999.0.0
9999.0.1

Database specific

cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "path": "setup.py",
            "sha256": "1fc04f5e703ab9d279f94ac4e2743025555f1b4957d8e86eb2ceba76a6971ee5",
            "tlsh": "75515553952124b7e0c3a4d84931baf5b372f5176a02a578b9dcc384afce4b5c2a7944"
        }
    ],
    "package_integrity": [
        {
            "filename": "cosmos_cuda-9999.0.0.tar.gz",
            "hashes": {
                "blake2b_256": "ccbaaaef258d059f28f3da4973243d578a3c9710c664453b4de84c3bd2edc26f",
                "md5": "41e18b2d79e0fe12a24f94ccb13f2166",
                "sha256": "6bf38d784c1d4e951225d881171c2bda498560f5b4ac6b8181277be8c67147c5"
            }
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cosmos-cuda/MAL-2026-10617.json"