MAL-2026-2020

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiolrucache/MAL-2026-2020.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2020
Published
2026-03-21T22:53:52Z
Modified
2026-03-21T23:18:07.533894Z
Summary
Malicious code in aiolrucache (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e)

The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files, executing remote code, taking screenshots, monitoring and exfiltrating the clipboard content. Malicious code is controlled via Discord.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-aiolrucache

Reasons (based on the campaign):

  • rat

  • spyware-like

  • keylogger

  • clipboard-stealing

  • obfuscation

  • files-exfiltration

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-03-21T23:09:36.572115179Z",
            "modified_time": "2026-03-21T22:53:52.472149Z",
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.2.0",
                "0.3.0"
            ],
            "sha256": "8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e",
            "id": "pypi/2026-03-aiolrucache/aiolrucache",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / aiolrucache

Package

Name
aiolrucache
View open source insights on deps.dev
Purl
pkg:pypi/aiolrucache

Affected ranges

Affected versions

0.*
0.1.0
0.1.1
0.2.0
0.3.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiolrucache/MAL-2026-2020.json"