MAL-2026-5756

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/easyaillm/MAL-2026-5756.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5756
Published
2026-06-14T01:55:27Z
Modified
2026-06-14T22:00:56.410763312Z
Summary
Malicious code in easyaillm (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b6268f175708584b9c3de408c80de3dc1162f4d1ddedb1ce6201b90f409b0dea)

On pip install easyaillm, setup.py runs exec(base64.b64decode(...)) which decodes to code that fetches https://pastebin.com/raw/hEF5HaFc, treats the response body as a second URL, downloads that URL's bytes to pkg_installer.exe, and executes it via os.system('cmd /c pkg_installer.exe'). The attack stages are concealed behind a base64 blob and exec() indirection, while the package metadata advertises an unrelated LLM/Roblox API purpose as cover. The pastebin source is mutable and anonymous, allowing the operator to swap the second-stage URL and ultimately the executed binary at any time. Installing this package on Windows results in arbitrary attacker-controlled code execution on the installer's machine.

Source: kam193 (8b2e19d96463fddff4bb8d7b73696ea1929c0cd8bb4948204e0913c77da0fbb7)

During installation, the obfuscated code attempts to download and start a malicious executable. The published versions contained issues preventing successful downloading, but it was possible to recover the intended executable during the analysis.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-easyaillm

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • obfuscation

  • malware

Database specific
{
    "iocs": {
        "urls": [
            "https://pastebin.com/raw/hEF5HaFc",
            "https://pastebin.com/raw/yBcUM1QBs",
            "https://pastebin.com/raw/yBcUM1QB"
        ],
        "domains": [
            "fixars.top"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "pypi/2026-06-easyaillm/easyaillm",
            "versions": [
                "2.0.15",
                "2.0.16"
            ],
            "sha256": "8b2e19d96463fddff4bb8d7b73696ea1929c0cd8bb4948204e0913c77da0fbb7",
            "source": "kam193",
            "modified_time": "2026-06-14T01:55:28.017116Z",
            "import_time": "2026-06-14T02:22:45.872030245Z"
        },
        {
            "id": "IN-MAL-2026-006446",
            "versions": [
                "2.0.15"
            ],
            "sha256": "b0cfcf55b6a8ee07ad52674f63dceafc20f70f4aa26e982055ab117caf492a1f",
            "source": "amazon-inspector",
            "modified_time": "2026-06-14T07:07:11Z",
            "import_time": "2026-06-14T07:43:27.206486555Z"
        },
        {
            "id": "IN-MAL-2026-006445",
            "versions": [
                "2.0.15"
            ],
            "sha256": "b6268f175708584b9c3de408c80de3dc1162f4d1ddedb1ce6201b90f409b0dea",
            "source": "amazon-inspector",
            "modified_time": "2026-06-14T07:07:10Z",
            "import_time": "2026-06-14T07:43:27.169566493Z"
        },
        {
            "id": "pypi/2026-06-easyaillm/easyaillm",
            "versions": [
                "2.0.15",
                "2.0.16"
            ],
            "sha256": "49a89e2a264a57c1c5316080b20439b7b50b022db53db99efcce9b2bed887162",
            "source": "kam193",
            "modified_time": "2026-06-14T01:55:28.017116Z",
            "import_time": "2026-06-14T09:11:41.990463777Z"
        }
    ]
}

Affected packages

PyPI / easyaillm

Affected versions

2.*
2.0.15
2.0.16

Database specific

indicators
{
    "evidence_files": [
        {
            "path": "setup.py",
            "sha256": "6c59a2c93527fcc0286be77507a3b9046ebab4ed43656ca8ead7167c10d01b85",
            "tlsh": "04318273ced59b852bf9454c44ab780ae560db6b24e0a88ffb3e87802f38261a49054c"
        }
    ],
    "package_integrity": [
        {
            "filename": "easyaillm-2.0.15.tar.gz",
            "hashes": {
                "md5": "00341fd8bff30ddc6fb9f5a716d0e2a7",
                "blake2b_256": "e69edda4b0fdb2e2702be79ec9f6cc38ce091c5e4686dd2e6698d157712bbd33",
                "sha256": "22fd6fdaaecf2c9b2703f9df76c0b8869599c5ef666135f0c8d264009edb113a"
            }
        }
    ],
    "ips": [
        "172.66.171.73"
    ],
    "domains": [
        "pastebin.com"
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/easyaillm/MAL-2026-5756.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]