MAL-2026-469

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cflashfiles/MAL-2026-469.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2026-469
Published
2026-01-22T20:58:55Z
Modified
2026-01-22T21:52:37.111925Z
Summary
Malicious code in cflashfiles (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (d8c5174968b7dedf000076201fe6446018aa61048b6a77fc8bc42e16bb796fd9)

Malicious clone of legitimate fsspec package. The code was modified to exfiltrate specific files on import.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-01-old-cflashfiles

Reasons (based on the campaign):

  • clones-real-package

  • files-exfiltration

Database specific 
{
    "iocs": {
        "urls": [
            "http://87.251.77.103:5000"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "pypi/2026-01-old-cflashfiles/cflashfiles",
            "import_time": "2026-01-22T21:40:25.558752842Z",
            "modified_time": "2026-01-22T21:00:29.269456Z",
            "sha256": "d8c5174968b7dedf000076201fe6446018aa61048b6a77fc8bc42e16bb796fd9",
            "versions": [
                "2.1",
                "2.2",
                "2.3"
            ],
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / cflashfiles

Package

Name
cflashfiles
View open source insights on deps.dev
Purl
pkg:pypi/cflashfiles

Affected ranges

Affected versions

2.*
2.1
2.2
2.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cflashfiles/MAL-2026-469.json"