-= Per source details. Do not edit below this line.=-
Every advertised function in this package (askllm, pink, america, iran, momo, abc, bcd, code, sf, liti, koko, init, dropnull, hellp, lc) instantiates a Groq client using a hardcoded gsk_... API key owned by the package author and forwards the caller-supplied prompt argument to api.groq.com via client.chat.completions.create. Callers cannot supply their own key; the public API has no parameter or env-var override. As a result, any prompt content passed into these functions — which may contain proprietary data, customer input, or secrets — is routed through the author's Groq account, where the author can read it via their dashboard. 17 distinct hardcoded Groq keys are shipped across aihelper.py, abc.py, america.py, bcd.py, code.py, dropnull.py, hellp.py, init.py, iran.py, koko.py, lc.py, liti.py, momo.py, pink.py, and sf.py. The package metadata reinforces the assessment: README references an unrelated sample_package with add/greet examples that don't exist in the source, the package and module names are nonsensical, and there is no documented legitimate purpose for the relay.
{
"malicious-packages-origins": [
{
"sha256": "01b6d228f2f167f660bb588665de6df915cd05d025b201027962bfe1c493e808",
"id": "IN-MAL-2026-004042",
"source": "amazon-inspector",
"modified_time": "2026-05-21T22:22:13Z",
"versions": [
"3.1.0"
],
"import_time": "2026-05-26T05:51:49.670211105Z"
},
{
"sha256": "677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee",
"id": "IN-MAL-2026-004064",
"source": "amazon-inspector",
"modified_time": "2026-05-21T22:52:06Z",
"versions": [
"3.2.0"
],
"import_time": "2026-05-26T05:51:52.110091876Z"
},
{
"sha256": "c4e7b6565fad1e78a9aed6fcbf5e1992a05f51f0bbb46c0412f614b9777867f5",
"id": "IN-MAL-2026-004063",
"source": "amazon-inspector",
"modified_time": "2026-05-21T22:52:01Z",
"versions": [
"3.7.0"
],
"import_time": "2026-05-26T05:51:52.016139777Z"
},
{
"sha256": "d09b228809877b9a10237ba3c8becd1b069c803096a35b8ac363321dee102dce",
"id": "IN-MAL-2026-004065",
"source": "amazon-inspector",
"modified_time": "2026-05-21T22:52:11Z",
"versions": [
"3.5.0"
],
"import_time": "2026-05-26T05:51:52.208603028Z"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/fakehuop/MAL-2026-4749.json"
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
},
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
},
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
},
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
{
"evidence_files": [
{
"sha256": "03b960bee8e48c2b91670ea317a7ebfcdecda5db5acbe5a9d80f4dcb99351bd1",
"tlsh": "3df09525cc64484e07a241aaa6119851707ff41372f070b9f22c54b85fd2e6751e57d7",
"path": "src/fakehuop/ai_helper.py"
},
{
"sha256": "b12af4b8bb03c7db6bef5e5f7b2e65dc4d1306fc70be7d4389730c4d5a584e76",
"tlsh": "08f00e24cc04481f07e0819ea121a892707df42332b07078f32c94b96fd2b7612fa2a6",
"path": "src/fakehuop/pink.py"
}
],
"package_integrity": [
{
"filename": "fakehuop-3.1.0-py3-none-any.whl",
"hashes": {
"sha256": "ac03e4d48d914f002e8c88b7f6d39c70c2f7ecf82cd5e9540a7a6bd209367b62",
"md5": "46911bbf3325342f06a36ea2067df386",
"blake2b_256": "4185ed3458fa88b88da960569dbf938b0f3f444cec5bee8d1793995826170af7"
}
},
{
"filename": "fakehuop-3.1.0.tar.gz",
"hashes": {
"sha256": "f81bc6c662bbb134f22918d677a19315a3be66ebc5d8dbd299f31114624de441",
"md5": "66d14a3bac216fb232332b74e49679e8",
"blake2b_256": "4d26c82e69300d5a0def1ce2ad8540c4942bfbdae27df7830e2e7da84119e4b5"
}
}
]
}