MAL-2026-2121
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/roboat/MAL-2026-2121.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-2121
- Published
- 2026-03-23T23:09:44Z
- Modified
- 2026-03-24T20:32:01.427652Z
- Summary
- Malicious code in roboat (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b)
During installation, the code attempts to download and start malware.
Connected with the campaign based on the time correlation and other packages published by the author.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-03-rowrap
Reasons (based on the campaign):
Downloads and executes a remote malicious script.
malware
- Database specific
{ "iocs": { "domains": [ "dark-resonance-459b.blammervale.workers.dev", "dry-hall-8967.blammervale.workers.dev" ], "urls": [ "https://dark-resonance-459b.blammervale.workers.dev/555.bat", "https://dry-hall-8967.blammervale.workers.dev/HHH.exe" ] }, "malicious-packages-origins": [ { "sha256": "f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b", "modified_time": "2026-03-23T23:09:44.958346Z", "source": "kam193", "import_time": "2026-03-23T23:45:18.695034166Z", "versions": [ "0.0.1", "1.1.0", "2.0.0", "2.1.0" ], "id": "pypi/2026-03-rowrap/roboat" }, { "sha256": "e94bd912e703150e428eafa84e1f5aea427c9afe6c30f16ff2b5aca6f52c55b1", "modified_time": "2026-03-24T19:26:31.62413Z", "source": "kam193", "import_time": "2026-03-24T20:16:47.766638462Z", "versions": [ "0.0.1", "1.1.0", "2.0.0", "2.1.0", "2.20" ], "id": "pypi/2026-03-rowrap/roboat" } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / roboat
Package
- Name
- roboat
- View open source insights on deps.dev
- Purl
- pkg:pypi/roboat