{"id":"MAL-2024-9937","summary":"Malicious code in aiohttp-libscss (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0)\nImitate legit package, when used, sends out the URL of web application using the package\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-08-app-url-to-telegram\n\n\nReasons (based on the campaign):\n\n\n - clones-real-package\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - dependency-confusion\n\n\n - action-hidden-in-lib-usage\n","modified":"2026-03-19T13:00:14.665896Z","published":"2024-08-10T13:21:32Z","database_specific":{"iocs":{"urls":["https://api.telegram.org/bot7168168551:AAEmMGUSJ_Pd7l6YAMQs-ySXM1FXueUOJtY/sendMessage?chat_id=6977902769&text="]},"malicious-packages-origins":[{"source":"reversing-labs","sha256":"7e86db9cfebc3da4b6b1fe1fa23176f441477423b19eaf961cd04b88d675a8da","id":"RLMA-2024-07803","versions":["0.23.0","0.23.1","0.23.2","0.24.0","0.25.0","0.26.0"],"modified_time":"2024-10-16T14:36:16Z","import_time":"2024-10-24T00:56:53.051121405Z"},{"source":"kam193","sha256":"10e874787e38ecc45c41814fb6b05aa9b208d8834be111a799c02d007cf90d7f","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"id":"pypi/2024-08-app-url-to-telegram/aiohttp-libscss","modified_time":"2024-08-10T13:21:32Z","import_time":"2025-12-02T22:30:54.88974654Z"},{"source":"kam193","sha256":"d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"id":"pypi/2024-08-app-url-to-telegram/aiohttp-libscss","modified_time":"2024-08-10T13:21:32Z","import_time":"2025-12-02T23:07:17.933612527Z"},{"source":"kam193","sha256":"51c95dddfe1fd8c1f56e3a0b9301e8b3bfb3c5feece0058e12a977dec2184d23","id":"pypi/2024-08-app-url-to-telegram/aiohttp-libscss","versions":["0.23.1","0.23.0","0.23.2","0.24.0","0.25.0","0.26.0"],"modified_time":"2024-08-10T13:21:32Z","import_time":"2025-12-10T21:38:57.242386173Z"},{"source":"kam193","sha256":"c4716ac05da16d0201292783458af845eba3b2ead25c15abbf7088ac99503ea5","id":"pypi/2024-08-app-url-to-telegram/aiohttp-libscss","versions":["0.23.0","0.23.1","0.23.2","0.24.0","0.25.0","0.26.0"],"modified_time":"2024-08-10T13:21:32Z","import_time":"2025-12-30T22:39:04.02772613Z"},{"source":"reversing-labs","sha256":"b9873b94fea7b5b1954efb326f0da4ba979d184a281c04b37ccc3ece2f2f201a","id":"RLUA-2026-00042","modified_time":"2026-03-18T12:10:47Z","import_time":"2026-03-19T12:19:20.516036637Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/aiohttp-libscss"}],"affected":[{"package":{"name":"aiohttp-libscss","ecosystem":"PyPI","purl":"pkg:pypi/aiohttp-libscss"},"versions":["0.23.0","0.23.1","0.23.2","0.24.0","0.25.0","0.26.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiohttp-libscss/MAL-2024-9937.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}