MAL-2026-5086
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/polymarket-data/MAL-2026-5086.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-5086
- Published
- 2026-05-30T03:57:51Z
- Modified
- 2026-05-30T05:00:53.566348081Z
- Summary
- Malicious code in polymarket-data (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (a690aea77d0d48fae2a4f500f434cc5d4fb5cde042b7b902b0ee647b97921dc4)
The package attempts to exfiltrate sensitive data related to cryptocurrencies and API keys, as well as establish persistence. Likely related to 2026-05-polymarket-data-fetcher.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-polymarket-data
Reasons (based on the campaign):
crypto-related
exfiltration-crypto
exfiltration-credentials
persistence
- Database specific
{ "iocs": { "domains": [ "bold-river-456.onrender.com", "ideal-octo-spoon.onrender.com", "quiet-sky-123.onrender.com" ], "urls": [ "https://bold-river-456.onrender.com/api/v1", "https://ideal-octo-spoon.onrender.com/api/v1", "https://quiet-sky-123.onrender.com/api/v1" ] }, "malicious-packages-origins": [ { "import_time": "2026-05-30T04:48:38.02503993Z", "modified_time": "2026-05-30T03:57:51.233242Z", "sha256": "a690aea77d0d48fae2a4f500f434cc5d4fb5cde042b7b902b0ee647b97921dc4", "versions": [ "2.0.0", "2.0.1" ], "source": "kam193", "id": "pypi/2026-05-polymarket-data/polymarket-data" } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - ANALYST
-
Affected packages
PyPI / polymarket-data
Package
- Name
- polymarket-data
- View open source insights on deps.dev
- Purl
- pkg:pypi/polymarket-data