MAL-2026-10758

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mfq-private-encoder/MAL-2026-10758.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10758
Published
2026-07-16T18:48:40Z
Modified
2026-07-16T19:20:02.518100770Z
Summary
Malicious code in mfq-private-encoder (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (6f2c0f78a3c5677481645e05e125f32273435610a1208a17ca4f852cb7f56b0e)

The package advertises a Python source-code encoder but has no local codec. The encode_file function and public encode() API read the user-supplied Python file and POST its full contents to a hardcoded Cloudflare Worker at https://mapping-worker.email-ecf.workers.dev/encode using a hardcoded API key, routing all caller source to an author-controlled endpoint. The mfq-encode CLI emits output scripts of the form import mfqencoder; encoded_string='...'; exec(mfqencoder.decode(encoded_string)), where mfqencoder.decode POSTs to https://mapping-worker.email-ecf.workers.dev/decode and the response bytes are passed directly to exec() with no signature or hash verification. Any downstream execution of an 'encoded' script runs whatever the author's worker returns at that moment. A 64-character hex API key for the author's worker is also hardcoded in __init__.py, encoder.py, and decoder.py.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-07-16T18:54:05.184854042Z",
            "sha256": "6f2c0f78a3c5677481645e05e125f32273435610a1208a17ca4f852cb7f56b0e",
            "modified_time": "2026-07-16T18:48:40Z",
            "versions": [
                "1.0.0"
            ],
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010793"
        }
    ]
}
References
Credits

Affected packages

PyPI / mfq-private-encoder

Package

Name
mfq-private-encoder
View open source insights on deps.dev
Purl
pkg:pypi/mfq-private-encoder

Affected ranges

Affected versions

1.*
1.0.0

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "mfq_private_encoder-1.0.0-py3-none-any.whl",
            "hashes": {
                "sha256": "7d0d181c40bb8f406cb1fbf055407c709dd6e9bf7d28e6540e317c16fda9659d",
                "blake2b_256": "a33a943f17b72380750b18d6b241dba95a53116e37e07e80b35af21c891151bc",
                "md5": "41b21850a0be57dcbd8b02af4ae9571b"
            }
        },
        {
            "filename": "mfq_private_encoder-1.0.0.tar.gz",
            "hashes": {
                "sha256": "32ac6fb0a0352529af75988d0d7fa26b1fb65d76da6e7dd54f90df12d9762d1e",
                "blake2b_256": "cc94af2414f8d8077b15cd52d016472f6d80ee097ea208147b04af8e7b216e20",
                "md5": "255b475e0a760121e5072206e812565b"
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "a1313112ccc29651af83c16c086e990d523db5271760a5603e6c1be83f4ab33d9f38bd",
            "sha256": "7d6ef501d82acb28bc36a82e3379a9451653ec58fded92eed7b9abee3ba85d34",
            "path": "mfqencoder/encoder.py"
        },
        {
            "tlsh": "b311ce86ed2152417f4b83a8c817590b697c6d3a15e87048beac126c6f4fff6d070177",
            "sha256": "6483b4991aeea1b90575cda93cf5bbe41f74211f1b45da000bba1ec6d959d017",
            "path": "mfqencoder/__init__.py"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mfq-private-encoder/MAL-2026-10758.json"