MAL-2026-2201

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/privaton-beacon-img-8f3603448690bdde-png/MAL-2026-2201.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2201
Published
2026-03-24T14:02:57Z
Modified
2026-03-25T23:03:19.162166Z
Summary
Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: oracle-using-macaron (be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9)

This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "774.350.288",
                "774.377.534",
                "774.377.646",
                "774.377.756",
                "774.377.865",
                "774.379.660",
                "774.380.294",
                "774.380.481",
                "774.382.470",
                "774.385.202",
                "774.387.931",
                "774.390.648",
                "774.393.364",
                "774.396.88"
            ],
            "sha256": "be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9",
            "modified_time": "2026-03-24T14:02:57Z",
            "source": "oracle-using-macaron",
            "import_time": "2026-03-24T14:02:57Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / privaton-beacon-img-8f3603448690bdde-png

Package

Name
privaton-beacon-img-8f3603448690bdde-png
View open source insights on deps.dev
Purl
pkg:pypi/privaton-beacon-img-8f3603448690bdde-png

Affected ranges

Affected versions

774.*
774.350.288
774.377.534
774.377.646
774.377.756
774.377.865
774.379.660
774.380.294
774.380.481
774.382.470
774.385.202
774.387.931
774.390.648
774.393.364
774.396.88

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/privaton-beacon-img-8f3603448690bdde-png/MAL-2026-2201.json"