MAL-2026-912

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/http-request-toolkit/MAL-2026-912.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-912

Published

2026-02-16T07:03:21Z

Modified

2026-03-19T12:53:43.717866Z

Summary

Malicious code in http-request-toolkit (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (13b29a753802db633ab987963543535999a246049761d4d29699b66edf207f13)

During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-requests-toolkit

Reasons (based on the campaign):

impersonation
infostealer
malware
The package contains code to detect if it is running in a sandbox environment.
keylogger

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "pypi/2026-02-requests-toolkit/http-request-toolkit",
            "import_time": "2026-02-16T07:28:49.580166101Z",
            "source": "kam193",
            "modified_time": "2026-02-16T07:03:21.22114Z",
            "sha256": "13b29a753802db633ab987963543535999a246049761d4d29699b66edf207f13",
            "versions": [
                "2.28.3",
                "2.28.4",
                "2.28.5"
            ]
        },
        {
            "id": "RLMA-2026-00396",
            "import_time": "2026-03-19T12:18:17.967835409Z",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:14:43Z",
            "sha256": "8611f488d8714ccabd0499250be69556cbaffbf4b7e0bc18b179bde7fff3d722",
            "versions": [
                "2.28.3",
                "2.28.4",
                "2.28.5"
            ]
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / http-request-toolkit

Package

Name: http-request-toolkit; View open source insights on deps.dev
Purl: pkg:pypi/http-request-toolkit

Affected ranges

Affected versions

2.*

2.28.3

2.28.4

2.28.5

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/http-request-toolkit/MAL-2026-912.json"