MAL-2026-2289

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/database-roblox/MAL-2026-2289.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2289
Published
2026-03-29T12:15:48Z
Modified
2026-05-28T05:01:10.168034483Z
Summary
Malicious code in database-roblox (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (bc72e398d8a27feaf630ecd5c3f852b452ad895a1e0a104abbc87da277e3bfc4)

During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap.

The campaign is built over a malicious Roblox API wrapper. The roboat[.]pro (later robase[.]app) domain advertises a wrapper that is either directly malicious (as roboat collected in the campaign 2026-03-rowrap) or uses a malicious dependencies (like roboat-utils). New versions are published simultaneously with malicious dependencies and quickly removed. Another advertisement channel is https://github.com/Addi9000/roboat referencing two active contributors: https://github.com/Addi9000 and https://github.com/RoCruise


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-roboat-addition

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • Downloads and executes a remote executable.

  • The malicious code is intentionally included in a dependency of the package

  • malware

  • clones-real-package

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "b66c65a2aaea77057240357862efea9ac3af04b4e6f65b24a070291b406e1b6f",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-03-29T12:49:09.556062497Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "12a6e8c2d701596172a40974207770687437cb552cecc8108a1f256546d810b5",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-03-29T20:46:34.581276607Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "b59069109fc624a8cf4223c9fb3660d240793b6daa6588376964f9eeb80efbf6",
            "source": "kam193",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "import_time": "2026-04-04T22:45:36.623863918Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "14ee770bea712aa55baa2d0146accdd8e77f5454dc5eb8aeac005412460bceee",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-04-05T09:18:40.860722456Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "16d80c9007277589dea462fc1cc169a1bd54c4229aa8566c7c74996a090c3943",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-04-08T10:27:39.25156252Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "4ad5f1aa4a301cd222e5b1216c2cefc73100be5462a9f95d776fff8ca7f227d7",
            "source": "kam193",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "import_time": "2026-04-10T21:47:38.794827554Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "c47cc65cf4383aa4252e212df2cd80308baf9068f0bec0fd545d137533f96932",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-04-12T21:46:35.798582884Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "bc72e398d8a27feaf630ecd5c3f852b452ad895a1e0a104abbc87da277e3bfc4",
            "source": "kam193",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "import_time": "2026-04-12T22:12:37.175198713Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "683d00b22d40cb3f96b259b97c4b5784713d7ec53246f4d8472f1b0df8a136b7",
            "source": "kam193",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "import_time": "2026-04-16T07:38:25.003101801Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "e349f950d8ce53578ed27c8d5837c33c28a4489a739882d247a173abc944fa01",
            "source": "kam193",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "import_time": "2026-04-25T08:25:00.385416819Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "2636fbe91dd452be0f38efab2d3a6d2d84b998d7e526e0312e542452f667fb6d",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "id": "pypi/2026-03-roboat-addition/database-roblox",
            "import_time": "2026-04-26T17:18:12.815759346Z"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "32852a445d842b12297fdedbe3361405a378bef82d8b74804021ce34ed744f5e",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-04-27T21:50:25.207852693Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "c256ad43bf9b454c66d182980f8d94f536d61b924d4c1b3a0d4bd19215f1db91",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "id": "pypi/2026-03-roboat-addition/database-roblox",
            "import_time": "2026-04-28T22:49:44.39451779Z"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "0ae14ee58ad20a61b4e49eef7e69b63f8b38c039a1c3019b20d5cc801abc9c7a",
            "source": "kam193",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "import_time": "2026-05-03T20:48:01.274383802Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "06d1ae956ab7d10ec84ea04194e4031df1804b5a028530267b00468a9a659d9d",
            "modified_time": "2026-03-29T12:15:48.792405Z",
            "source": "kam193",
            "import_time": "2026-05-28T04:57:09.761120394Z",
            "id": "pypi/2026-03-roboat-addition/database-roblox"
        }
    ],
    "iocs": {
        "urls": [
            "https://jolly-violet-def9.staraledreamer.workers.dev/DDDD.exe",
            "https://holy-sun-41ff.staraledreamer.workers.dev/gore.vbs",
            "https://github.com/betonme27/flies/releases/download/a/s22s.zhr"
        ],
        "domains": [
            "jolly-violet-def9.staraledreamer.workers.dev",
            "holy-sun-41ff.staraledreamer.workers.dev"
        ]
    }
}
References
Credits

Affected packages

PyPI / database-roblox

Package

Affected ranges

Affected versions

0.*
0.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/database-roblox/MAL-2026-2289.json"