MAL-2026-501
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/system-integration-toxi/MAL-2026-501.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2026-501
- Published
- 2026-01-25T10:15:36Z
- Modified
- 2026-01-25T10:50:46.696284Z
- Summary
- Malicious code in system-integration-toxi (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (096a1a342309a85666ad92b45da1da18ca808e16c93819a3122b2c6bbc2a15d6)
During importing the module, code downloads and executes a remote script. During the analysis of this package, the code was a placeholder, but the package is closely related to a previously published one, where the remote script was malicious.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-01-system-integration
Reasons (based on the campaign):
Downloads and executes a remote malicious script.
obfuscation
- Database specific
{ "iocs": { "urls": [ "https://juvenile-server.vercel.app/program", "https://juvenile-server.vercel.app/program.bat", "https://helper-dun-seven.vercel.app/svc.bat" ], "domains": [ "juvenile-server.vercel.app", "helper-dun-seven.vercel.app" ] }, "malicious-packages-origins": [ { "modified_time": "2026-01-25T10:15:36.156708Z", "sha256": "096a1a342309a85666ad92b45da1da18ca808e16c93819a3122b2c6bbc2a15d6", "source": "kam193", "versions": [ "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6" ], "id": "pypi/2026-01-system-integration/system-integration-toxi", "import_time": "2026-01-25T10:40:49.86765345Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193) - REPORTER
-
Affected packages
PyPI / system-integration-toxi
Package
- Name
- system-integration-toxi
- View open source insights on deps.dev
- Purl
- pkg:pypi/system-integration-toxi