{"id":"MAL-2022-7441","summary":"Malicious code in reuests (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: checkmarx (8595aba5fb09b2fb54831d18452e4a1980daf222f8ea4d62b50d29446419c309)\nMalicious packages typosquatting the popular requests package. payload execute a cryptomining malware\n","modified":"2022-05-31T20:12:58Z","published":"2022-05-31T00:00:00Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2022-05-31T20:12:58Z","source":"checkmarx","sha256":"8595aba5fb09b2fb54831d18452e4a1980daf222f8ea4d62b50d29446419c309","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2023-09-04T09:20:36.391684662Z"}],"iocs":{"strings":["44ZptWtXxVhjLYGz8oKCMSW6nA9Gpc2RVYQDzyBnaM7VZkaCTGZGEANQTR3pNXK3mzZq1cVzKs1SA3H4Wibc6qVvG5xpcSY"],"domains":["serene-springs-50769.herokuapp.com"]}},"references":[{"type":"ARTICLE","url":"https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d"}],"affected":[{"package":{"name":"reuests","ecosystem":"PyPI","purl":"pkg:pypi/reuests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/reuests/MAL-2022-7441.json"}}],"schema_version":"1.7.3","credits":[{"name":"Checkmarx","contact":["supplychainsecurity@checkmarx.com","https://bit.ly/checkmarx-malicious-packages"],"type":"FINDER"}]}