MAL-2026-5184
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sf-silly-goose-requests/MAL-2026-5184.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-5184
- Published
- 2026-06-04T16:47:17Z
- Modified
- 2026-06-04T18:30:53.571388091Z
- Summary
- Malicious code in sf-silly-goose-requests (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60)
Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-sf-silly-goose-requests
Reasons (based on the campaign):
exfiltration-credentials
exfiltration-env-variables
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2026-06-04T16:47:17.20048Z", "versions": [ "0.1.0", "0.2.0" ], "sha256": "d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60", "id": "pypi/2026-06-sf-silly-goose-requests/sf-silly-goose-requests", "source": "kam193", "import_time": "2026-06-04T17:08:17.520083666Z" }, { "modified_time": "2026-06-04T17:07:57.73926Z", "versions": [ "0.1.0", "0.2.0" ], "sha256": "a408d377936e3acbf92e1aa97b7ae20de4af6f07bbd02f1e2bb24300be4e12c0", "id": "pypi/2026-06-sf-silly-goose-requests/sf-silly-goose-requests", "source": "kam193", "import_time": "2026-06-04T18:18:24.151314429Z" } ], "iocs": { "urls": [ "http://13.219.230.105:80/beacon" ], "ips": [ "13.219.230.105" ] } }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / sf-silly-goose-requests
Package
- Name
- sf-silly-goose-requests
- View open source insights on deps.dev
- Purl
- pkg:pypi/sf-silly-goose-requests