MAL-2026-3251

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/puan31/MAL-2026-3251.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3251
Published
2026-05-03T20:58:02Z
Modified
2026-05-03T21:33:08.017172Z
Summary
Malicious code in puan31 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855)

During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensitive files, and then waits for remote commands to execute.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-puan3

Reasons (based on the campaign):

  • exfiltration-generic

  • exfiltration-browser-data

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

  • exfiltration-credentials

  • rat

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-03T21:19:17.743722447Z",
            "sha256": "27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855",
            "id": "pypi/2026-05-puan3/puan31",
            "source": "kam193",
            "modified_time": "2026-05-03T20:58:02.468662Z",
            "versions": [
                "0.1.0",
                "0.1.1"
            ]
        }
    ],
    "iocs": {
        "ips": [
            "185.246.113.53"
        ]
    }
}
References
Credits

Affected packages

PyPI / puan31

Package

Name
puan31
View open source insights on deps.dev
Purl
pkg:pypi/puan31

Affected ranges

Affected versions

0.*
0.1.0
0.1.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/puan31/MAL-2026-3251.json"