MAL-2026-6927

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/paysafe-kyc/MAL-2026-6927.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6927
Published
2026-07-07T15:22:13Z
Modified
2026-07-08T15:31:46.373851892Z
Summary
Malicious code in paysafe-kyc (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5)

The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK (author string 'Paysafe Developer Team', base URL https://api.paysafe.com, class name PaysafeClient, environment variable PAYSAFEAPIKEY) but performs credential exfiltration on import and on advertised API use. At import time, the module iterates os.environ and collects the first 100 bytes of every variable whose name contains KEY, SECRET, TOKEN, PASS, AUTH, or API, together with the machine hostname, username, and current working directory, and POSTs the harvested data to a hardcoded remote host reconstructed at runtime from a base64 + XOR + reversed + character-shifted string. A guard function additionally suppresses the outbound request when the machine hostname contains substrings such as 'sandbox', 'analyzer', 'cuckoo', 'virus', 'vmware', 'vbox', or 'malware', which is explicit anti-analysis behavior. The PaysafeClient.createpayment method sleeps 12 seconds and then covertly forwards a prefix of the caller-supplied PAYSAFEAPI_KEY to the same hidden endpoint, so any developer using the SDK as documented has their Paysafe API key mirrored to the attacker in addition to the real Paysafe API. The combination of brand impersonation, import-time environment credential harvest, silent relay of caller-provided API keys, obfuscated C2 hostname, and sandbox-hostname evasion is unambiguous supply-chain attack behavior.

Source: kam193 (7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092)

When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-paysafe-api

Reasons (based on the campaign):

  • exfiltration-env-variables

  • dependency-confusion

  • action-hidden-in-lib-usage

  • The package contains code to detect if it is running in a sandbox environment.

  • obfuscation

Database specific
{
    "iocs": {
        "domains": [
            "caliber-spinner-finishing.ngrok-free.dev"
        ]
    },
    "malicious-packages-origins": [
        {
            "sha256": "7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092",
            "id": "pypi/2026-07-paysafe-api/paysafe-kyc",
            "source": "kam193",
            "import_time": "2026-07-07T15:30:57.592192618Z",
            "modified_time": "2026-07-07T15:22:13.874808Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "modified_time": "2026-07-07T15:22:13.874808Z",
            "id": "pypi/2026-07-paysafe-api/paysafe-kyc",
            "source": "kam193",
            "import_time": "2026-07-07T22:55:28.725890031Z",
            "sha256": "3ebd2cbef14c7523747cb9e01c9d6721ba52df82fd6fa64bf02953e41ca73612",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "sha256": "8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5",
            "id": "IN-MAL-2026-008044",
            "source": "amazon-inspector",
            "import_time": "2026-07-08T15:19:03.307549569Z",
            "modified_time": "2026-07-08T14:30:25Z",
            "versions": [
                "1.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

PyPI / paysafe-kyc

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

indicators
{
    "evidence_files": [
        {
            "path": "paysafe_kyc/__init__.py",
            "tlsh": "703198d11450744a91662e2b948d6984e34ffd000cafde4bffb09b576f80573c538d28",
            "sha256": "c6af37a6739f0d919ab7049caf3a85831cab44bdbea27e0d9de7adec80334e2b"
        },
        {
            "path": "setup.py",
            "tlsh": "aed02ea30ca253219a908e8a481711908e3aea363e21a0c4bb7c12d03b921a30b0306f",
            "sha256": "11c45cb73114c02c45f065f7f3635cb2a8d679a501e124355abf9cb3076793d1"
        }
    ],
    "package_integrity": [
        {
            "filename": "paysafe_kyc-1.0.0-py3-none-any.whl",
            "hashes": {
                "md5": "976914992c3aaaa7959355e546cebaf9",
                "blake2b_256": "4a199950a4303bce567a480f19d86deed1f23632d66dc7d6599e053033da6956",
                "sha256": "71c11f91acbde273ab3f07a13781f9064e72dabf25dd1ff6ebba9a634b95c08b"
            }
        },
        {
            "filename": "paysafe_kyc-1.0.0.tar.gz",
            "hashes": {
                "md5": "54843c06f504be2a438c7f73405162a4",
                "blake2b_256": "6414d49f9882e43eb0f081b271b56e8012183f37026e7a31db1304921f93fc6b",
                "sha256": "8e5bab739f9876690ef7d08464127f83dabccd305d13e29657a2151425713a63"
            }
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/paysafe-kyc/MAL-2026-6927.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code"
    }
]