MAL-2026-3693

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/kaggle-runner/MAL-2026-3693.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3693
Published
2026-05-12T11:39:04Z
Modified
2026-05-13T20:22:39.506529Z
Summary
Malicious code in kaggle-runner (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71)

kaggle_runner/coordinator.py embeds a bash reverse-shell template (rvsstr) that connects to vtool.duckdns.org:23454 via ncat with retry/backoff, plus a heartbeat channel on port 23455. When a consumer calls Coordinator.createrunner(config), the package writes rvs.sh alongside entry.sh/runner.sh/setuppty/gdrivesetup into a kernel folder. Coordinator.runlocal() then executes python main.py, which invokes bash -x entry.sh, which in turn backgrounds rvs.sh, opening an interactive shell from the runner's host back to the author-controlled duckdns.org subdomain. The same bundle wgets a gdrive binary from github.com/gdrive-org/gdrive/releases/download/2.1.0/gdrive-linux-x64 and installs it to /bin/gdrive. None of this behavior is documented in the README (which advertises AMQP logging for Kaggle kernels).

The reverse shell does not fire at import/install time (setup.py and __init__.py are clean), but it fires as part of the package's advertised Coordinator API flow, so any consumer who actually uses the library exposes the executing host (their machine or a Kaggle kernel they push) to the author.

A separate file (kaggle_runner/utils/utils.py) also hardcodes CloudAMQP credentials (termite.rmq.cloudamqp.com / drdsfaew) with a comment 'oh~ just give my password out~'. This is author self-harm and on its own would be an "allow" verdict, but combined with the reverse-shell pipe to a duckdns C2 host, the installer-side impact is clear.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.0.2"
            ],
            "sha256": "8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71",
            "modified_time": "2026-05-12T19:03:07Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-002524",
            "import_time": "2026-05-13T20:10:59.625163518Z"
        }
    ]
}

Affected packages

PyPI / kaggle-runner

Affected versions

0.*
0.0.2

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "kaggle_runner-0.0.2-py3-none-any.whl",
            "hashes": {
                "sha256": "1933f25867446dbf3841aa0f5ae17d3c2531c2ccb0756bd7837a2e03c1101282",
                "md5": "1f7a609aae6cbe3e9fb95f9f97f1cad4",
                "blake2b_256": "dee805394b0645cb915b45b17db2962095e52d7e1b19acada5e309a1c3df73b0"
            }
        },
        {
            "filename": "kaggle_runner-0.0.2.tar.gz",
            "hashes": {
                "sha256": "a16105cc549bd500e214298b237b6ac1c1c123ff2f7de59f364249c753a70a67",
                "md5": "1128e0a6ade04d902944d6430b145995",
                "blake2b_256": "92631de2a6f61f5337c9f69a5bd970c830fc956a735ac83e254581b67605ed18"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "c1f7a17586b660e76fef8aad913582151c1543b9a16295827c1d6959010b239b",
            "path": "kaggle_runner/coordinator.py",
            "tlsh": "99820703846a1b30a7d35898944793a82b95ec6717626c1272fcb3606f25378d1fb3fa"
        },
        {
            "sha256": "1e839d5791497cdec65ec2bb39c9e020455f4ec2b00da39097a51d9d0831c1eb",
            "path": "kaggle_runner/utils/utils.py",
            "tlsh": "ba216a516317d84c20aa62525c26762178b8d50b8908f87836bd93042f1fcaec5f5da5"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/kaggle-runner/MAL-2026-3693.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]