MAL-2026-6758

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/httpprobe/MAL-2026-6758.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6758
Published
2026-07-04T18:05:11Z
Modified
2026-07-04T18:30:56.703580897Z
Summary
Malicious code in httpprobe (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (5a1fef079efe68484b2d37fb2e1bb3d0cebfeccf27a8a0f9b1e8436e664ea42e)

If run as a module and during installation, the package attempts to download and start an executable described as a Mirai agent. During analysis, the Onion website hosting executable was not available. Using Onion and localhost fallback suggests the package was not yet ready to deliver malicious actions to the end users.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-httpprobe

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "5a1fef079efe68484b2d37fb2e1bb3d0cebfeccf27a8a0f9b1e8436e664ea42e",
            "source": "kam193",
            "modified_time": "2026-07-04T18:05:11.41858Z",
            "id": "pypi/2026-07-httpprobe/httpprobe",
            "import_time": "2026-07-04T18:25:33.380426755Z"
        }
    ],
    "iocs": {
        "urls": [
            "http://sytej5umomwukd77aantkxqj4aoke3kfist6eyne2pngavgsakum3iid.onion/mirai_agent.exe"
        ]
    }
}
References
Credits

Affected packages

PyPI / httpprobe

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/httpprobe/MAL-2026-6758.json"