MAL-2026-1289

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aioutil3/MAL-2026-1289.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1289
Published
2026-03-08T19:35:54Z
Modified
2026-03-08T20:16:21.661566Z
Summary
Malicious code in aioutil3 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0)

This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. What is interesting, during the analysis the remote domain did not exist and the malicious code was not called in the package, suggesting preparation for the further attack.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-aioutil3

Reasons (based on the campaign):

  • clones-real-package

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "3.9.1"
            ],
            "modified_time": "2026-03-08T19:35:54.941599Z",
            "sha256": "cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0",
            "id": "pypi/2026-03-aioutil3/aioutil3",
            "import_time": "2026-03-08T20:08:49.46127673Z",
            "source": "kam193"
        }
    ],
    "iocs": {
        "domains": [
            "aioutil3.tech"
        ],
        "urls": [
            "https://aioutil3.tech/api/info/faq/"
        ]
    }
}
References
Credits

Affected packages

PyPI / aioutil3

Package

Name
aioutil3
View open source insights on deps.dev
Purl
pkg:pypi/aioutil3

Affected ranges

Affected versions

3.*
3.9.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aioutil3/MAL-2026-1289.json"