{"id":"MAL-2024-10043","summary":"Malicious code in mecit2 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (c9131eebc14bbebfb234f0f0c49ca47882df2140d1061d201735c360b866a867)\nPackage uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: SCRIPT_KIDDIE-thegoodhacker-paquete\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - Package uses simple pre-prepared tools to create a low-quality malicious action.\n","modified":"2026-03-19T13:03:43.588883Z","published":"2024-08-05T22:25:51Z","database_specific":{"iocs":{"urls":["https://github.com/thegoodhackertv/malpip"]},"malicious-packages-origins":[{"sha256":"0366a82bd80ebd496fca0e33a2b31bd4adfd786eea8d2a90962c8f655d18300d","id":"RLMA-2024-08507","versions":["1.0.0"],"source":"reversing-labs","modified_time":"2024-10-16T14:43:36Z","import_time":"2024-10-24T00:57:00.535605677Z"},{"sha256":"8056748921e3bcfb0c80aaec2349f146f5d63dea84ebe61b58fc1d38d0f3e542","id":"pypi/SCRIPT_KIDDIE-thegoodhacker-paquete/mecit2","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-08-05T22:25:51Z","import_time":"2025-12-02T22:30:55.331437023Z"},{"sha256":"c9131eebc14bbebfb234f0f0c49ca47882df2140d1061d201735c360b866a867","id":"pypi/SCRIPT_KIDDIE-thegoodhacker-paquete/mecit2","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-08-05T22:25:51Z","import_time":"2025-12-02T23:07:18.359770153Z"},{"sha256":"16c4ef9a1a1d895fc26fca8dd9dd3b37b3fc16c8f8c0fdb2055c2b45a8573cd3","id":"pypi/SCRIPT_KIDDIE-thegoodhacker-paquete/mecit2","versions":["1.0.0"],"source":"kam193","modified_time":"2024-08-05T22:25:51Z","import_time":"2025-12-10T21:38:57.589203446Z"},{"sha256":"b627efa49f03f4987eaad933a1e6e0de267fe5214904e26911f7f29f29171e77","id":"RLUA-2026-00508","source":"reversing-labs","modified_time":"2026-03-18T12:15:59Z","import_time":"2026-03-19T12:20:03.114812734Z"}]},"references":[{"type":"WEB","url":"https://github.com/thegoodhackertv/malpip"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/mecit2"}],"affected":[{"package":{"name":"mecit2","ecosystem":"PyPI","purl":"pkg:pypi/mecit2"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mecit2/MAL-2024-10043.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}