{"id":"MAL-2024-9939","summary":"Malicious code in anaconda-anon-usage (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (681441a370f0819063d937bf24e1c9fdff7fd9dc5201da7e2c577d8a547fff51)\nThe package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2024-08-moti-analytics\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n","modified":"2026-03-19T13:01:44.105754Z","published":"2024-08-23T21:20:09Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-10-16T14:36:20Z","source":"reversing-labs","versions":["0.4.9"],"sha256":"7f15aa76dc7a25d78348920ecc166176ae7d8c650820a549101d0c992d280ff2","import_time":"2024-10-24T00:56:53.191937862Z","id":"RLMA-2024-07813"},{"modified_time":"2024-08-23T21:20:09Z","source":"kam193","sha256":"2461ce245ed1d160246d376e56cff9bb652e92d15f33484d553863493c6ca83b","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T22:30:55.83169013Z","id":"pypi/2024-08-moti-analytics/anaconda-anon-usage"},{"modified_time":"2024-08-23T21:20:09Z","source":"kam193","sha256":"681441a370f0819063d937bf24e1c9fdff7fd9dc5201da7e2c577d8a547fff51","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T23:07:19.011289752Z","id":"pypi/2024-08-moti-analytics/anaconda-anon-usage"},{"modified_time":"2024-08-23T21:20:09Z","source":"kam193","versions":["0.4.9"],"sha256":"13db314b26193e425dbdda1c92c17cfd11619d04857b6349801d0f7682b45336","import_time":"2025-12-10T21:07:53.032422647Z","id":"pypi/2024-08-moti-analytics/anaconda-anon-usage"},{"modified_time":"2026-03-18T12:11:00Z","source":"reversing-labs","sha256":"40d0afbf0f97bb45365053a9f5328c9db40d68465e3227d9da01b05e774eaa99","import_time":"2026-03-19T12:19:22.248339085Z","id":"RLUA-2026-00064"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/anaconda-anon-usage"}],"affected":[{"package":{"name":"anaconda-anon-usage","ecosystem":"PyPI","purl":"pkg:pypi/anaconda-anon-usage"},"versions":["0.4.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/anaconda-anon-usage/MAL-2024-9939.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}