MAL-2026-4756

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ml2000/MAL-2026-4756.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4756
Published
2026-05-22T13:29:09Z
Modified
2026-05-26T06:03:12.064141535Z
Summary
Malicious code in ml2000 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6)

On invoking the ml2000 CLI with no arguments, interactive_menu() in src/ml_labs/generator.py writes a batch file and launches it via subprocess.Popen(["cmd.exe", "/c", bat_path], creationflags=DETACHED_PROCESS | CREATE_NO_WINDOW). The batch script runs taskkill /IM WindowsTerminal.exe /F, taskkill /IM cmd.exe /F, taskkill /IM powershell.exe /F, then pipx uninstall ml2000, then deletes itself. The use of detached/no-window flags hides this from the user, and the README advertises only ML notebook code generation — the destructive behavior is undisclosed. This is install/use-time destruction of installer-side resources: open terminal sessions are force-killed (causing loss of unsaved work in any other shell the user has open) and the package removes itself behind the user's back. Project metadata is also placeholder (Your Name <your.email@example.com>), corroborating that this is not a legitimate maintained release.

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-004205",
            "versions": [
                "0.1.4"
            ],
            "sha256": "871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6",
            "source": "amazon-inspector",
            "modified_time": "2026-05-22T13:29:09Z",
            "import_time": "2026-05-26T05:52:08.478172901Z"
        }
    ]
}

Affected packages

PyPI / ml2000

Affected versions

0.*
0.1.4

Database specific

cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "path": "src/ml_labs/generator.py",
            "sha256": "15257290faad02afcc0326e4f8c333e6bed01c5a4af17e6d4de9730c8d309370",
            "tlsh": "ee62fb22f9610d7887a7e868bcd8905026b260075e52247e73ecc6348f5947877b7eab"
        },
        {
            "path": "pyproject.toml",
            "sha256": "120c59813790ebb5eea6391b810105f3d1e9c0cd3d685f184500f1794c89b68d",
            "tlsh": "99f0c91386a2ae645695005014084d60e971a8081ac8d84917ed814dae3cd9ac7fca29"
        }
    ],
    "package_integrity": [
        {
            "filename": "ml2000-0.1.4-py3-none-any.whl",
            "hashes": {
                "md5": "a385950f07b914cab8013254ee20e9b5",
                "blake2b_256": "cc31d932503a52a4b872a34b659946418bc94aa5fedab66d970010ecf7766422",
                "sha256": "d46d894f811444f1d0152351b50cfa4748f7884f42bbed6772898dfb19277c0f"
            }
        },
        {
            "filename": "ml2000-0.1.4.tar.gz",
            "hashes": {
                "md5": "80f0db9b97f8a9fb03012d8a4d1fd248",
                "blake2b_256": "cc871da1b5bbe405cac61a96028a13a0f84cef21892db20d76a2bc459c8d3af2",
                "sha256": "ae80e68f40805fd1d2f827f1d384a46d1f57d375ff6932f933eb012605b0a614"
            }
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ml2000/MAL-2026-4756.json"