MAL-2026-843
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/requests-core-plugin/MAL-2026-843.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-843
- Published
- 2026-02-10T19:14:49Z
- Modified
- 2026-02-10T20:14:00.791856Z
- Summary
- Malicious code in requests-core-plugin (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (f7d809caa4cb4961377b3c02a06f90ce19136a36297191248a8c6cd289a809f2)
During installation, package loads obfuscated code that then downloads and starts an executable. The final executable is identified as malware and appears to have infostealer capabilities (collecting browser and Discord data).
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-requests-core-plugin
Reasons (based on the campaign):
malware
The package overrides the install command in setup.py to execute malicious code during installation.
impersonation
obfuscation
infostealer
- Database specific
{ "iocs": { "ips": [ "85.215.240.118" ], "urls": [ "https://pastebin.com/raw/LS7Wq1x0", "http://85.215.240.118:8002/updates/Update.exe" ] }, "malicious-packages-origins": [ { "id": "pypi/2026-02-requests-core-plugin/requests-core-plugin", "sha256": "f7d809caa4cb4961377b3c02a06f90ce19136a36297191248a8c6cd289a809f2", "source": "kam193", "versions": [ "2.31.5", "2.31.6", "2.31.7", "2.31.8", "2.31.9", "2.31.12", "2.31.13", "2.31.14", "2.31.15" ], "modified_time": "2026-02-10T19:14:49.789587Z", "import_time": "2026-02-10T19:54:11.772695578Z" } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / requests-core-plugin
Package
- Name
- requests-core-plugin
- View open source insights on deps.dev
- Purl
- pkg:pypi/requests-core-plugin