PYSEC-2024-1

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/gratient/PYSEC-2024-1.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2024-1
Published
2024-01-03T23:23:36.586611Z
Modified
2024-01-03T22:31:36Z
Summary
gratient 0.5 contains credential harvesting code
Details

gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram.

References
Credits
    • Mike Fiedler - ANALYST
    • Mike Fiedler - COORDINATOR

Affected packages

PyPI / gratient

Package

Affected ranges

Affected versions

0.*

0.5