MAL-2026-762
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/metadata-checker/MAL-2026-762.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-762
- Published
- 2026-02-05T14:30:34Z
- Modified
- 2026-02-05T16:09:38.416941Z
- Summary
- Malicious code in metadata-checker (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5)
Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-metadata-checker
Reasons (based on the campaign):
exfiltration-generic
obfuscation
- Database specific
{ "malicious-packages-origins": [ { "id": "pypi/2026-02-metadata-checker/metadata-checker", "import_time": "2026-02-05T14:48:13.928240905Z", "modified_time": "2026-02-05T14:30:34.356269Z", "sha256": "222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5", "source": "kam193", "versions": [ "1.2.0" ] }, { "id": "pypi/2026-02-metadata-checker/metadata-checker", "import_time": "2026-02-05T15:18:43.58869609Z", "modified_time": "2026-02-05T14:30:34.356269Z", "sha256": "4520dac4fe874a822ca181ea00a3aeff52f7834c4a7a853a11c02e02836b2361", "source": "kam193", "versions": [ "1.2.0" ] } ], "iocs": { "domains": [ "8d7sabfsd2.youkyy.com", "youkyy.com" ], "urls": [ "https://8d7sabfsd2.youkyy.com/MyData.php", "https://8d7sabfsd2.youkyy.com/1.php" ] } }- References
- Credits
-
-
- Kamil Mańkowski (kam193) - ANALYST
-
- Kamil Mańkowski (kam193) - REPORTER
-
Affected packages
PyPI / metadata-checker
Package
- Name
- metadata-checker
- View open source insights on deps.dev
- Purl
- pkg:pypi/metadata-checker