-= Per source details. Do not edit below this line.=-
By an obscure mechanism, one of the package files was overwritten with remote obfuscated code, which appears to be an infostealer. After executing the malicious code, the package covers its tracks by overwriting all relevant code files.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-11-asn1tool
Reasons (based on the campaign):
obfuscation
dependency-confusion
typosquatting
clones-real-package
infostealer
{
"malicious-packages-origins": [
{
"sha256": "697b56a6de305412973432c5b3408cf52f8a6aae0aedfbb64e2dad666c7b09b6",
"source": "kam193",
"modified_time": "2026-04-13T21:41:36.19578Z",
"id": "pypi/2024-11-asn1tool/asciitoart",
"versions": [
"0.1.1",
"0.1.2",
"0.1.3",
"0.1.4"
],
"import_time": "2026-04-13T21:48:56.097729413Z"
},
{
"sha256": "d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591",
"source": "kam193",
"modified_time": "2026-04-13T21:41:36.19578Z",
"id": "pypi/2024-11-asn1tool/asciitoart",
"versions": [
"0.1.1",
"0.1.2",
"0.1.3",
"0.1.4"
],
"import_time": "2026-04-13T22:20:47.005982077Z"
}
],
"iocs": {
"urls": [
"https://tinyurl.com/1atestver",
"https://tinyurl.com/l4kr0sr4t",
"https://tinyurl.com/w1ngfjs"
]
}
}