-= Per source details. Do not edit below this line.=-
cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-version resolution on installers that mix a private index with PyPI. setup.py (executed at sdist build/install) and cosmos_gradio/init.py (executed on import) run the same beacon that collects the installer's hostname, OS username, and current working directory and transmits them to the hardcoded domain oob.asyncrun.in via two channels: (1) a DNS lookup where the '<hostname>|<user>' pair is base32-encoded into a subdomain label under oob.asyncrun.in (out-of-band DNS exfiltration that works even when HTTP egress is blocked), and (2) an HTTP GET carrying the same fields as query-string parameters, with HTTPS attempted first and a plaintext-HTTP fallback. The package name collides with a plausible internal 'cosmos-gradio' package and the release is sdist-only specifically to force setup.py execution on pip install.
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
{
"malicious-packages-origins": [
{
"modified_time": "2026-07-14T20:08:19.009662Z",
"source": "kam193",
"import_time": "2026-07-14T20:28:26.769516551Z",
"id": "pypi/GENERIC-standard-pypi-install-pentest/cosmos-gradio",
"versions": [
"9999.0.0",
"9999.0.1"
],
"sha256": "4d4ef10feeb0a6a16e38e35a866181dda9f270340238049becb9532b4dce2841"
},
{
"modified_time": "2026-07-14T21:33:34Z",
"source": "amazon-inspector",
"import_time": "2026-07-14T21:49:52.951251501Z",
"id": "IN-MAL-2026-010569",
"versions": [
"9999.0.0"
],
"sha256": "9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2"
}
]
}{
"package_integrity": [
{
"filename": "cosmos_gradio-9999.0.0.tar.gz",
"hashes": {
"md5": "758a2a119b9b16403f02d33d36707dde",
"blake2b_256": "24c8edd2d571c99ae1f3180a07f68cb9d67cc302cb06fb0318098e6713a45534",
"sha256": "5a7301312d77a63e9e0f26058519bdcc0588846d148fccde5c633663d2295cc8"
}
}
],
"evidence_files": [
{
"tlsh": "94515513a42124b7e087a4d85971b6f5f332e52b6f02a538badcc3846fce4b5c2a7954",
"path": "setup.py",
"sha256": "1e893e675b8ca390fe10afd9b8e93eaf9a08cb204f89f5ef12f57840bb97be84"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cosmos-gradio/MAL-2026-10618.json"
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]