MAL-2026-5333

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/nerfstudio-gs/MAL-2026-5333.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5333
Published
2026-06-08T19:20:50Z
Modified
2026-06-08T21:31:25.682631987Z
Summary
Malicious code in nerfstudio-gs (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (523b928ceb73227e96f02eb85783222da17d0e716c9c7012b4cbcafd1e787f58)

During installation or Python setup (via a PTH file), the code exfiltrated all kinds of sensitive data, including environment variables, browser data, SSH keys, data from cryptocurrency extensions, shell history files, etc.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-nerfstudio-gs

Reasons (based on the campaign):

  • dependency-confusion

  • exfiltration-credentials

  • exfiltration-browser-data

  • exfiltration-crypto

  • exfiltration-env-variables

  • files-exfiltration

  • exfiltration-ssh-keys

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • abuses-pth

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-06-08T20:18:23.050863703Z",
            "versions": [
                "99.0.0",
                "99.0.1",
                "99.0.2",
                "99.0.3"
            ],
            "sha256": "523b928ceb73227e96f02eb85783222da17d0e716c9c7012b4cbcafd1e787f58",
            "id": "pypi/2026-06-nerfstudio-gs/nerfstudio-gs",
            "source": "kam193",
            "modified_time": "2026-06-08T19:53:43.085902Z"
        },
        {
            "modified_time": "2026-06-08T20:02:05.322342Z",
            "versions": [
                "99.0.0",
                "99.0.1",
                "99.0.2",
                "99.0.3"
            ],
            "sha256": "42534f036c9f6bfba22f4712a4c2bd08fd66656db742bb2ce60daaad0d38fcca",
            "id": "pypi/2026-06-nerfstudio-gs/nerfstudio-gs",
            "source": "kam193",
            "import_time": "2026-06-08T21:15:24.069617592Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://discord.com/api/webhooks/1513619364555919634/5JK4RBrOvQ1GTFDIMZ66pPbYTGwlkA69p0-rwWK8eLHUSznjm9HoAIePcj006MLnx2Te"
        ]
    }
}
References
Credits

Affected packages

PyPI / nerfstudio-gs

Package

Affected ranges

Affected versions

99.*
99.0.0
99.0.1
99.0.2
99.0.3

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/nerfstudio-gs/MAL-2026-5333.json"