MAL-2026-2139

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/stats-helpers/MAL-2026-2139.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-2139

Published

2026-03-24T19:42:44Z

Modified

2026-03-24T20:32:01.357498Z

Summary

Malicious code in stats-helpers (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (0325e0cf1dadfad7387e0814c62942c6d4d80373ce116234fcf4f5450d434570)

During importing, the package exfiltrates sensitive crypt-related environment variables to a remote location

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-stats-helpers

Reasons (based on the campaign):

crypto-related
exfiltration-crypto

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-03-24T19:42:44.378359Z",
            "versions": [
                "1.0.0"
            ],
            "id": "pypi/2026-03-stats-helpers/stats-helpers",
            "import_time": "2026-03-24T20:16:47.767976176Z",
            "source": "kam193",
            "sha256": "0325e0cf1dadfad7387e0814c62942c6d4d80373ce116234fcf4f5450d434570"
        }
    ],
    "iocs": {
        "domains": [
            "stats-helpers-1.onrender.com"
        ]
    }
}

References

https://bad-packages.kam193.eu/pypi/package/stats-helpers

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / stats-helpers

Package

Name: stats-helpers; View open source insights on deps.dev
Purl: pkg:pypi/stats-helpers

Affected ranges

Affected versions

1.*

1.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/stats-helpers/MAL-2026-2139.json"