MAL-2026-916

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/alibabacloude/MAL-2026-916.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-916
Published
2026-02-16T11:20:53Z
Modified
2026-02-16T11:52:27.899389Z
Summary
Malicious code in alibabacloude (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (c45df7f85cfaba4bf141f0a17ba2d0987e080131bab1f1233798a1287d63fa7f)

A series of packages impersonating Alibaba Cloud. The two oldest hide code to run obfuscated code, but are likely to be used as a dependency, as the obfuscated code is not inside. The newest describe similar functionality, but the inside is highly obfuscated. Package names closely resemble the names of real Alibaba packages.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-alibabacloude

Reasons (based on the campaign):

  • typosquatting

  • impersonation

  • obfuscation

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "kam193",
            "id": "pypi/2026-02-alibabacloude/alibabacloude",
            "import_time": "2026-02-16T11:47:05.909094737Z",
            "modified_time": "2026-02-16T11:20:53.197975Z",
            "sha256": "c45df7f85cfaba4bf141f0a17ba2d0987e080131bab1f1233798a1287d63fa7f",
            "versions": [
                "2.2.0",
                "2.13.37"
            ]
        }
    ]
}
References
Credits

Affected packages

PyPI / alibabacloude

Package

Affected ranges

Affected versions

2.*
2.2.0
2.13.37

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/alibabacloude/MAL-2026-916.json"