MAL-2023-8354

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/alibabacloud-vpc20180317/MAL-2023-8354.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2023-8354
Published
2023-09-01T11:30:06Z
Modified
2023-10-16T05:42:04Z
Summary
Malicious code in alibabacloud-vpc20180317 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: checkmarx (0c24b33d1db8fffd5daaf1985d25add4bc66e7879e1a6efbc7ae706816931834)

Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials

Source: google-open-source-security (54cd0ad4627d65e2f30a3b3b165148a924014b94af0d3a6a0b23a265f2b02b4c)

Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI.

The malicious code was hidden in strategicly chosen functions and would only trigger when these functions were called. The malicious code does not automatically run on install or import, helping the packages evade detection.

Database specific
{
    "iocs": {
        "urls": [
            "http://119.8.26.163:58888/p/b66886/os11/",
            "https://api.aliyun-sdk-requests.xyz/tencent",
            "https://tg.aliyun-sdk-requests.xyz/telegram",
            "https://api.aliyun-sdk-requests.xyz/aws",
            "https://api.aliyun-sdk-requests.xyz/aliyun"
        ],
        "ips": [
            "119.8.26.163"
        ]
    },
    "malicious-packages-origins": [
        {
            "sha256": "54cd0ad4627d65e2f30a3b3b165148a924014b94af0d3a6a0b23a265f2b02b4c",
            "import_time": "2023-10-13T03:24:19.536533129Z",
            "source": "google-open-source-security",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2023-10-13T03:23:13Z"
        },
        {
            "sha256": "0c24b33d1db8fffd5daaf1985d25add4bc66e7879e1a6efbc7ae706816931834",
            "import_time": "2023-10-15T12:42:01.632818797Z",
            "source": "checkmarx",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2023-10-15T10:12:58Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / alibabacloud-vpc20180317

Package

Name
alibabacloud-vpc20180317
View open source insights on deps.dev
Purl
pkg:pypi/alibabacloud-vpc20180317

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected