MAL-2026-1408
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/nai/MAL-2026-1408.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-1408
- Published
- 2026-03-13T10:31:39Z
- Modified
- 2026-03-13T11:14:40.691572Z
- Summary
- Malicious code in nai (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (a9e4650a322afd07ff77c3f934248e52f477f2d1cebd0c84b1074bdba1142efe)
Package is a hacking tool that not only abuses 3rd-party services but also silently exfiltrates credentials the user uses to log in there. The provided account is also forced to follow the attacker's accounts.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-03-old-nai
Reasons (based on the campaign):
exfiltration-credentials
abusing-3rd-api
action-hidden-in-lib-usage
- Database specific
{ "malicious-packages-origins": [ { "sha256": "a9e4650a322afd07ff77c3f934248e52f477f2d1cebd0c84b1074bdba1142efe", "source": "kam193", "modified_time": "2026-03-13T10:31:39.702401Z", "id": "pypi/2026-03-old-nai/nai", "versions": [ "1.4", "1.5", "1.6", "1.7", "1.8", "1.9", "2.0", "2.1", "2.2", "2.3", "2.4", "2.5", "2.8", "2.9", "3.0", "3.1" ], "import_time": "2026-03-13T10:47:31.130659444Z" } ], "iocs": { "domains": [ "nasweb.000webhostapp.com" ] } }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / nai
Package
- Name
- nai
- View open source insights on deps.dev
- Purl
- pkg:pypi/nai