MAL-2026-2519

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/just4testlm/MAL-2026-2519.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-2519

Published

2026-04-09T07:28:17Z

Modified

2026-04-09T08:46:53.852711Z

Summary

Malicious code in just4testlm (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811)

The package likely tests different malicious techniques and delivering payload in setup.py. Different versions, like 0.1.0, 0.4.0 or 0.9.0 contain malicious payload in setup.py that either run remote script or exfiltrate env variables during installation. The malicious versions are also quickly removed and replaced with versions without malicious code.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-just4testlm

Reasons (based on the campaign):

Downloads and executes a remote malicious script.
exfiltration-env-variables

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2026-04-09T07:42:34.161539179Z",
            "modified_time": "2026-04-09T07:28:56.971481Z",
            "sha256": "512c9983d4d153d1cf4bae9fffbddc13d5a5f58573dd4ea042dca9e43cac964b",
            "source": "kam193",
            "versions": [
                "0.1.0",
                "0.2.0",
                "0.3.0",
                "0.4.0",
                "0.5.0",
                "0.6.0",
                "0.7.0",
                "0.8.0",
                "0.9.0",
                "0.9.1",
                "0.9.2"
            ],
            "id": "pypi/GENERIC-questionable-pentest/just4testlm"
        },
        {
            "import_time": "2026-04-09T08:38:22.247537267Z",
            "modified_time": "2026-04-09T08:22:13.143434Z",
            "sha256": "5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811",
            "source": "kam193",
            "versions": [
                "0.1.0",
                "0.2.0",
                "0.3.0",
                "0.4.0",
                "0.5.0",
                "0.6.0",
                "0.7.0",
                "0.8.0",
                "0.9.0",
                "0.9.1",
                "0.9.2",
                "0.9.3"
            ],
            "id": "pypi/2026-03-just4testlm/just4testlm"
        }
    ],
    "iocs": {
        "domains": [
            "just4testlm.tos-cn-hongkong.volces.com",
            "pipi.8d90982c.cdn.cloudops.ink",
            "cloudops.ink"
        ],
        "urls": [
            "https://just4testlm.tos-cn-hongkong.volces.com/run.sh"
        ]
    }
}

References

https://bad-packages.kam193.eu/pypi/package/just4testlm

Credits

- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / just4testlm

Package

Name: just4testlm; View open source insights on deps.dev
Purl: pkg:pypi/just4testlm

Affected ranges

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.8.0

0.9.0

0.9.1

0.9.2

0.9.3

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/just4testlm/MAL-2026-2519.json"