MAL-2026-649

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/callapirequests/MAL-2026-649.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-649
Published
2026-02-02T09:08:10Z
Modified
2026-02-02T10:02:54.746915Z
Summary
Malicious code in callapirequests (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (6e7fadeb48347b57805dea2f58d0f662e43170e0e4439a424f6dec66cf285452)

Importing the module downloads and starts remote executable identified as malware


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-foxloveyou

Reasons (based on the campaign):

  • malware

  • Downloads and executes a remote executable.

Database specific
{
    "iocs": {
        "domains": [
            "3zoz.duckdns.org"
        ],
        "urls": [
            "http://3zoz.duckdns.org:1111/1234",
            "http://3zoz.duckdns.org/config"
        ]
    },
    "malicious-packages-origins": [
        {
            "sha256": "6e7fadeb48347b57805dea2f58d0f662e43170e0e4439a424f6dec66cf285452",
            "versions": [
                "8.1.9"
            ],
            "source": "kam193",
            "id": "pypi/2025-12-foxloveyou/callapirequests",
            "modified_time": "2026-02-02T09:08:10.922819Z",
            "import_time": "2026-02-02T09:49:03.316491681Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / callapirequests

Package

Affected ranges

Affected versions

8.*
8.1.9

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/callapirequests/MAL-2026-649.json"