MAL-2026-2017

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/thisismytest/MAL-2026-2017.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2017
Published
2026-03-21T18:24:07Z
Modified
2026-03-22T23:18:00.766068Z
Summary
Malicious code in thisismytest (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9)

During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic commands

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-thisismytest

Reasons (based on the campaign):

  • malware

  • Downloads and executes a remote executable.

  • backdoor

Source: ossf-package-analysis (19f3b6e447fea825bca111985cb5f707015439b58f5d4982bb33b91a8f37a1c0)

The OpenSSF Package Analysis project identified 'thisismytest' @ 4.0.0 (pypi) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific 
{
    "iocs": {
        "urls": [
            "http://115.190.98.52/java"
        ],
        "ips": [
            "101.47.72.91"
        ]
    },
    "malicious-packages-origins": [
        {
            "modified_time": "2026-03-21T19:05:47.574472Z",
            "id": "pypi/2026-03-thisismytest/thisismytest",
            "sha256": "a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9",
            "versions": [
                "1.0.0",
                "2.0.0",
                "3.0.0",
                "4.0.0",
                "5.0.0"
            ],
            "import_time": "2026-03-21T19:39:52.895404088Z",
            "source": "kam193"
        },
        {
            "modified_time": "2026-03-21T18:24:07Z",
            "sha256": "19f3b6e447fea825bca111985cb5f707015439b58f5d4982bb33b91a8f37a1c0",
            "versions": [
                "4.0.0"
            ],
            "import_time": "2026-03-22T23:10:11.119892579Z",
            "source": "ossf-package-analysis"
        },
        {
            "modified_time": "2026-03-21T18:25:55Z",
            "sha256": "421d783dd1f7d99fd582b5a07e9f691a9c568faa36be4595a167fc98a6c3334e",
            "versions": [
                "5.0.0"
            ],
            "import_time": "2026-03-22T23:10:11.212004356Z",
            "source": "ossf-package-analysis"
        }
    ]
}
References
Credits

Affected packages

PyPI / thisismytest

Package

Name
thisismytest
View open source insights on deps.dev
Purl
pkg:pypi/thisismytest

Affected ranges

Affected versions

1.*
1.0.0
2.*
2.0.0
3.*
3.0.0
4.*
4.0.0
5.*
5.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/thisismytest/MAL-2026-2017.json"