PYSEC-2024-1

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/gratient/PYSEC-2024-1.yaml

Published

2024-01-03T23:23:36.586611Z

Modified

2024-01-03T22:31:36Z

Summary

gratient 0.5 contains credential harvesting code

Details

gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram.

References

• https://inspector.pypi.io/project/gratient/0.5/packages/c5/c5/353e45fa57fa5f1b2b42fa24a029cdfb018d7263850fb43b6d6352157734/gratient-0.5-py3-none-any.whl/gratient/__init__.py#line.4
• https://pypi.org/project/gratient/