MAL-2026-27

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/qdatainstaller/MAL-2026-27.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-27

Published

2026-01-03T00:50:32Z

Modified

2026-01-19T07:29:44.185352Z

Summary

Malicious code in qdatainstaller (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (e4ee574ced05e27b63477cb84af816e02ae259c67246f4f31ff63819e7e1048e)

Package is designed to download and execute a remote script, which then downloads and runs a malicious executable

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-pdatainstaller

Reasons (based on the campaign):

Downloads and executes a remote malicious script.
malware
Downloads and executes a remote executable.

Database specific

{
    "iocs": {
        "urls": [
            "https://pastebin.com/raw/s5WB7EtG",
            "https://pastebin.com/raw/c3uYVYbT",
            "https://github.com/uunnkknnoowwnn/dang/raw/refs/heads/main/svchost.exe"
        ]
    },
    "malicious-packages-origins": [
        {
            "sha256": "e4ee574ced05e27b63477cb84af816e02ae259c67246f4f31ff63819e7e1048e",
            "source": "kam193",
            "modified_time": "2026-01-03T00:50:32.319153Z",
            "id": "pypi/2025-12-pdatainstaller/qdatainstaller",
            "import_time": "2026-01-03T01:35:30.52317316Z",
            "versions": [
                "1.0.1"
            ]
        },
        {
            "sha256": "2076720ad37488ab7134540a250654eb89997ef874f7833195e7f70cb5a2313d",
            "source": "kam193",
            "modified_time": "2026-01-03T00:50:32.319153Z",
            "id": "pypi/2025-12-pdatainstaller/qdatainstaller",
            "import_time": "2026-01-07T20:40:53.38172441Z",
            "versions": [
                "1.0.1"
            ]
        },
        {
            "sha256": "cbc86a446df2446857043ecf71285623cf05d5fc76bc1185835fc090440166be",
            "source": "kam193",
            "modified_time": "2026-01-03T00:50:32.319153Z",
            "id": "pypi/2025-12-pdatainstaller/qdatainstaller",
            "import_time": "2026-01-14T21:39:18.454305746Z",
            "versions": [
                "1.0.1"
            ]
        },
        {
            "sha256": "fba20822ab0c90405242a5fa9147d5748b78c6d2cca8adf30de03263034da26f",
            "source": "kam193",
            "modified_time": "2026-01-03T00:50:32.319153Z",
            "id": "pypi/2025-12-pdatainstaller/qdatainstaller",
            "import_time": "2026-01-19T07:14:29.763073103Z",
            "versions": [
                "1.0.1"
            ]
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / qdatainstaller

Package

Name: qdatainstaller; View open source insights on deps.dev
Purl: pkg:pypi/qdatainstaller

Affected ranges

Affected versions

1.*

1.0.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/qdatainstaller/MAL-2026-27.json"