MAL-2026-6926

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/paysafe-api/MAL-2026-6926.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6926
Published
2026-07-07T15:21:28Z
Modified
2026-07-08T21:46:53.132928371Z
Summary
Malicious code in paysafe-api (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb)

paysafe-api impersonates the Paysafe payments provider (package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com / api.test.paysafe.com base URLs), but its PaysafeClient.createpayment() method carries a hidden credential-theft payload. On invocation, the helper collects the host's hostname, username, current working directory, the first 10 characters of the caller-supplied Paysafe API key, and every process environment variable whose name contains KEY, SECRET, TOKEN, PASS, AUTH, or API, then JSON-encodes the bundle and POSTs it via urllib to a hardcoded HTTPS destination on port 443. The destination hostname is not the paysafe.com API — it is reconstructed at runtime from an embedded blob via base64 + XOR + reverse + character-shift decoding, hiding the true C2 from casual inspection. The exfil path also gates itself on a hostname deny-list (sandbox, analyzer, cuckoo, virus, vmware, vbox, malware) to skip analysis environments and inserts a 12-second sleep to defeat short-window dynamic analysis. Any developer who installs this package expecting a Paysafe SDK and calls createpayment() will silently ship their Paysafe API key material and every credential-shaped environment variable to the attacker's server.

Source: kam193 (caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915)

When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-paysafe-api

Reasons (based on the campaign):

  • exfiltration-env-variables

  • dependency-confusion

  • action-hidden-in-lib-usage

  • The package contains code to detect if it is running in a sandbox environment.

  • obfuscation

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915",
            "id": "pypi/2026-07-paysafe-api/paysafe-api",
            "import_time": "2026-07-07T15:30:57.582519602Z",
            "modified_time": "2026-07-07T15:21:28.624897Z",
            "versions": [
                "1.0.0"
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "id": "pypi/2026-07-paysafe-api/paysafe-api",
            "import_time": "2026-07-07T22:55:28.691255869Z",
            "modified_time": "2026-07-07T15:21:28.624897Z",
            "sha256": "113895b5937c6b16de757d51b732eabcb0b72f613ca75d4e16d5bcc94da37a67",
            "source": "kam193"
        },
        {
            "sha256": "9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb",
            "id": "IN-MAL-2026-008606",
            "import_time": "2026-07-08T21:27:49.847861124Z",
            "modified_time": "2026-07-08T20:35:25Z",
            "versions": [
                "1.0.0"
            ],
            "source": "amazon-inspector"
        }
    ],
    "iocs": {
        "domains": [
            "caliber-spinner-finishing.ngrok-free.dev"
        ]
    }
}
References
Credits

Affected packages

PyPI / paysafe-api

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "bb3198d21450754a91662e1b948d6994e34ffd000cafde4bffb09b566f80673c538d28",
            "sha256": "c2a361a7d8feb95be97c957fc7652d348f4fa9a987bde5f09883f46b65c460f1",
            "path": "paysafe_api/__init__.py"
        },
        {
            "sha256": "468858fdda8e3c90737f754bc63fe1e12cd23d6420dab3f5d4fca9848e62f437",
            "tlsh": "d6d0a7a20ce152315990cb9b4d6710514f3eeeb63e61f4d4fb7c53a83f921930a2b12e",
            "path": "setup.py"
        }
    ],
    "package_integrity": [
        {
            "filename": "paysafe_api-1.0.0-py3-none-any.whl",
            "hashes": {
                "md5": "df17f6d1b3612f96ad6f05b7e47a208f",
                "sha256": "20d7eb6fbcf589717a71440f772c00480a5561ded426bb273713d350dda40b2a",
                "blake2b_256": "1246dbe96edd2e9d602e280292f4ddaa21a5e8c0a776ae9f3a9d5bc516a95c07"
            }
        },
        {
            "filename": "paysafe_api-1.0.0.tar.gz",
            "hashes": {
                "sha256": "a09a2b1e627c367b6ca8263a48f4a93dfe10a752050319a913e0e3bb8e6e3569",
                "md5": "ba422cbe879ae221834b593746df95c2",
                "blake2b_256": "f4dc758ef9d44a6020c829164a3b54b6f4d2065b297e97b9376c73995354eaec"
            }
        }
    ]
}
cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/paysafe-api/MAL-2026-6926.json"