MAL-2026-3105

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mypypipkg/MAL-2026-3105.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2026-3105

Published

2026-04-27T21:21:43Z

Modified

2026-04-27T22:06:44.774951Z

Summary

Malicious code in mypypipkg (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677)

When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the VSCode instance online and gain remote access to the machine as the user running the code.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-04-old-mypypipkg

Reasons (based on the campaign):

vscode-tunnel

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-04-27T21:21:43.687161Z",
            "sha256": "a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677",
            "source": "kam193",
            "versions": [
                "0.1.0",
                "0.1.1"
            ],
            "import_time": "2026-04-27T21:50:25.222107416Z",
            "id": "pypi/2026-04-old-mypypipkg/mypypipkg"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/mypypipkg

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / mypypipkg

Package

Name: mypypipkg; View open source insights on deps.dev
Purl: pkg:pypi/mypypipkg

Affected ranges

Affected versions

0.*

0.1.0

0.1.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mypypipkg/MAL-2026-3105.json"