{"id":"MAL-2023-8356","summary":"Malicious code in aliyun-oss2 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: checkmarx (8c33f6b28da216b43120a3b8a8537d0263dc1eb2b22979a4183b371ff57b9e0b)\nMalicious Typosquatting packages campaign targeting developers, steals cloud service credentials\n\n## Source: google-open-source-security (a47b0bcf41b0d36b78b3429f9f22415630b3870da18554d21c2123212bc992f4)\nAttack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI.\n\nThe malicious code was hidden in strategically chosen functions and would only trigger when these\nfunctions were called. The malicious code does not automatically run on install or import,\nhelping the packages evade detection.\n","modified":"2023-10-16T05:42:04Z","published":"2023-08-14T13:15:04Z","database_specific":{"iocs":{"urls":["http://119.8.26.163:58888/p/b66886/os11/","https://api.aliyun-sdk-requests.xyz/tencent","https://tg.aliyun-sdk-requests.xyz/telegram","https://api.aliyun-sdk-requests.xyz/aws","https://api.aliyun-sdk-requests.xyz/aliyun"],"ips":["119.8.26.163"]},"malicious-packages-origins":[{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2023-10-13T03:24:19.546460852Z","modified_time":"2023-10-13T03:23:13Z","sha256":"a47b0bcf41b0d36b78b3429f9f22415630b3870da18554d21c2123212bc992f4","source":"google-open-source-security"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2023-10-15T12:42:01.634169955Z","modified_time":"2023-10-15T10:12:58Z","sha256":"8c33f6b28da216b43120a3b8a8537d0263dc1eb2b22979a4183b371ff57b9e0b","source":"checkmarx"}]},"references":[{"type":"ARTICLE","url":"https://checkmarx.com/blog/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack/"},{"type":"ARTICLE","url":"https://medium.com/checkmarx-security/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack-f44e60eacbdd"}],"affected":[{"package":{
"name":"aliyun-oss2","ecosystem":"PyPI","purl":"pkg:pypi/aliyun-oss2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aliyun-oss2/MAL-2023-8356.json"}}],"schema_version":"1.7.3","credits":[{"name":"Checkmarx","contact":["supplychainsecurity@checkmarx.com","https://bit.ly/checkmarx-malicious-packages"],"type":"FINDER"}]}