MAL-2026-28
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/chrome-stealth/MAL-2026-28.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-28
- Published
- 2026-01-03T13:25:21Z
- Modified
- 2026-01-03T14:46:29.346260Z
- Summary
- Malicious code in chrome-stealth (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (a97fed2b45bf12e5c4ba72089cdc2a1aff4ef42cb5eed242565268439946041a)
By using the package, the computer is attached to participate in a proxy network and share its IP and bandwidth. This is clearly stated, but the package has no real functionality besides that. Additionally, the stated proxy network seems extremely shady: the domain was just registered, is closely similar to a long-existing service, and offers residential proxy only for cryptocurrencies. The company mentioned in the package information does not have a website, and the proposed way to opt-out does not work.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-01-ambertransit
Reasons (based on the campaign):
other
modify-system-without-consent
- Database specific
{ "iocs": { "domains": [ "ambertransit.com", "proxly.cc", "peers.proxly.cc" ] }, "malicious-packages-origins": [ { "sha256": "a97fed2b45bf12e5c4ba72089cdc2a1aff4ef42cb5eed242565268439946041a", "source": "kam193", "modified_time": "2026-01-03T13:25:21.755617Z", "id": "pypi/2026-01-ambertransit/chrome-stealth", "import_time": "2026-01-03T14:38:51.184306767Z", "versions": [ "0.1.0" ] } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / chrome-stealth
Package
- Name
- chrome-stealth
- View open source insights on deps.dev
- Purl
- pkg:pypi/chrome-stealth