MAL-2026-846

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cryptowallethash/MAL-2026-846.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-846

Published

2026-02-10T23:03:29Z

Modified

2026-02-10T23:31:48.977614Z

Summary

Malicious code in cryptowallethash (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592)

The package claims to calculate a hash value for usage in "cryptocurrency", but before returning the hash, it exfiltrates the plain value.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-old-cryptowallethash

Reasons (based on the campaign):

crypto-related
exfiltration-crypto

Database specific

{
    "iocs": {
        "urls": [
            "http://18.197.200.123:3000/"
        ]
    },
    "malicious-packages-origins": [
        {
            "sha256": "4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592",
            "source": "kam193",
            "modified_time": "2026-02-10T23:05:44.297788Z",
            "id": "pypi/2026-02-old-cryptowallethash/cryptowallethash",
            "import_time": "2026-02-10T23:18:03.133890053Z",
            "versions": [
                "0.0.6",
                "0.0.7",
                "0.0.8"
            ]
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / cryptowallethash

Package

Name: cryptowallethash; View open source insights on deps.dev
Purl: pkg:pypi/cryptowallethash

Affected ranges

Affected versions

0.*

0.0.6

0.0.7

0.0.8

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cryptowallethash/MAL-2026-846.json"