MAL-2026-917
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aliyun-python-sdk-v2/MAL-2026-917.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-917
- Published
- 2026-02-16T11:28:09Z
- Modified
- 2026-02-16T11:54:43.857818Z
- Summary
- Malicious code in aliyun-python-sdk-v2 (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (29bd2455a576643c51939bd166abab847afd04c3142b576e3f9f0c7978763181)
Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is not inside. The newest describe similar functionality, but the inside is highly obfuscated. Package names closely reassemble names of real Alibaba packages
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-alibabacloude
Reasons (based on the campaign):
typosquatting
impersonation
obfuscation
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2026-02-16T11:47:05.909870825Z", "modified_time": "2026-02-16T11:28:09.92139Z", "id": "pypi/2026-02-alibabacloude/aliyun-python-sdk-v2", "sha256": "29bd2455a576643c51939bd166abab847afd04c3142b576e3f9f0c7978763181", "source": "kam193", "versions": [ "2.13.36" ] } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193) - REPORTER
-
Affected packages
PyPI / aliyun-python-sdk-v2
Package
- Name
- aliyun-python-sdk-v2
- View open source insights on deps.dev
- Purl
- pkg:pypi/aliyun-python-sdk-v2