MAL-2026-256
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/legendevil1/MAL-2026-256.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-256
- Published
- 2026-01-14T21:14:24Z
- Modified
- 2026-01-19T07:29:06.866743Z
- Summary
- Malicious code in legendevil1 (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (3188a850ecb974606264f28634afaca67ec2f49c1c759cf590aa39ba19e50452)
Package is designed to download and execute a remote script, which then downloads and runs a malicious executable
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-pdatainstaller
Reasons (based on the campaign):
Downloads and executes a remote executable.
Downloads and executes a remote malicious script.
malware
- Database specific
{ "iocs": { "urls": [ "https://pastebin.com/raw/s5WB7EtG", "https://pastebin.com/raw/c3uYVYbT", "https://github.com/uunnkknnoowwnn/dang/raw/refs/heads/main/svchost.exe", "https://github.com/yoseffalrg-droid/Reall/raw/refs/heads/main/svchost.exe", "https://pastebin.com/raw/neRRCVv5" ] }, "malicious-packages-origins": [ { "sha256": "3188a850ecb974606264f28634afaca67ec2f49c1c759cf590aa39ba19e50452", "id": "pypi/2025-12-pdatainstaller/legendevil1", "source": "kam193", "modified_time": "2026-01-14T21:14:24.464879Z", "versions": [ "1.0.0" ], "import_time": "2026-01-14T21:39:18.449089788Z" }, { "sha256": "782226a56313b4a661d694de5f528c5b040f3319b984b7246c339e634e05ab0f", "id": "pypi/2025-12-pdatainstaller/legendevil1", "source": "kam193", "modified_time": "2026-01-14T21:14:24.464879Z", "versions": [ "1.0.0" ], "import_time": "2026-01-19T07:14:29.760231992Z" } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / legendevil1
Package
- Name
- legendevil1
- View open source insights on deps.dev
- Purl
- pkg:pypi/legendevil1