MAL-2026-5722

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/textwrap-toolkit-stager/MAL-2026-5722.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5722
Published
2026-06-12T21:02:20Z
Modified
2026-06-12T22:45:58.255024331Z
Summary
Malicious code in textwrap-toolkit-stager (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4)

On import textwrap_toolkit_stager, the package's __init__.py unconditionally fetches Python source from http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py via urllib.request.urlopen and passes the response bytes directly to exec(code_bytes, {"__name__": "__main__"}). The fetch uses a bare IP over plaintext HTTP, with no version pinning, no hash verification, and errors silently swallowed. Any process that imports this package executes attacker-controlled Python code from 194.5.152.9 with the full privileges of the importing user. The package's advertised purpose ('lightweight utility for advanced text wrapping') has no implementation in the shipped code — the module's sole behavior is the remote stager. The package name itself self-describes the intent ('stager').

Source: kam193 (b5c75bdcf659eb0064e71470edd2140960c88803c906fcc5a4c9ec21b970e887)

During import, the package downloads and executes an obfuscated script. The code then adds a new authorized SSH key and reports back the IP of the current environment. After that, the code also attempts to exfiltrate cryptocurrency wallet data.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-textwrap-toolkit-stager

Reasons (based on the campaign):

  • backdoor

  • obfuscation

  • Downloads and executes a remote malicious script.

  • crypto-related

  • exfiltration-crypto

Database specific
{
    "iocs": {
        "urls": [
            "http://194.5.152.9:5555/report",
            "http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py"
        ],
        "ips": [
            "194.5.152.9"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-006244",
            "import_time": "2026-06-12T21:38:19.257612007Z",
            "sha256": "4437efa58f3f2d623e1f838fae81387714723d9a9f001a22761add0dab13cdce",
            "source": "amazon-inspector",
            "modified_time": "2026-06-12T21:02:21Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "id": "pypi/2026-06-textwrap-toolkit-stager/textwrap-toolkit-stager",
            "import_time": "2026-06-12T21:38:21.769092262Z",
            "sha256": "14493be47d247105b710bad8f013da1d30199190d7f65b765f587b6c82002e75",
            "source": "kam193",
            "modified_time": "2026-06-12T21:04:44.413711Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "id": "IN-MAL-2026-006243",
            "versions": [
                "1.0.0"
            ],
            "sha256": "9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4",
            "source": "amazon-inspector",
            "modified_time": "2026-06-12T21:02:20Z",
            "import_time": "2026-06-12T21:38:19.152888864Z"
        },
        {
            "id": "pypi/2026-06-textwrap-toolkit-stager/textwrap-toolkit-stager",
            "versions": [
                "1.0.0"
            ],
            "sha256": "b5c75bdcf659eb0064e71470edd2140960c88803c906fcc5a4c9ec21b970e887",
            "source": "kam193",
            "modified_time": "2026-06-12T21:04:44.413711Z",
            "import_time": "2026-06-12T22:36:31.761090524Z"
        }
    ]
}

Affected packages

PyPI / textwrap-toolkit-stager

Package

Name
textwrap-toolkit-stager
Purl
pkg:pypi/textwrap-toolkit-stager

Affected ranges

Affected versions

1.*
1.0.0

Database specific

cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "path": "textwrap_toolkit_stager/__init__.py",
            "sha256": "0163c7181d983fb82872ed6df0aef6fd8b845daf246928b6bcf0a349bc9c91ec",
            "tlsh": "9ee0262b4c247cf3858750a86214e6e2b22ba80bb113e838fadd33d82f4983cc450486"
        }
    ],
    "package_integrity": [
        {
            "filename": "textwrap_toolkit_stager-1.0.0-py3-none-any.whl",
            "hashes": {
                "md5": "a49be0a2da95fdca72beab0cc43b201b",
                "blake2b_256": "9c9304c208527fcf24d0219b142d81c720c4f8e2ae6f5ca88ee9faa5fba92dee",
                "sha256": "855223031b298c40bae7def9ed5bc20cc4425ba7599c15425629845dfb578ef8"
            }
        },
        {
            "filename": "textwrap_toolkit_stager-1.0.0.tar.gz",
            "hashes": {
                "md5": "82109d697f7f1bc6192070aada8964d0",
                "blake2b_256": "393312237523e92f697b7e2fb28ba6668b193e7e38df33c83b822c840a8b778c",
                "sha256": "0e78a23feb3e7b01e4a0cc6ba2ad7b5350740cc5c9487d906396a614d2b16b37"
            }
        }
    ],
    "domains": [
        "api.ipify.org"
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/textwrap-toolkit-stager/MAL-2026-5722.json"