{"id":"MAL-2024-10049","summary":"Malicious code in netfetcher (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (dd65e46cc7d6457bd5a631526d3e5ffcb10a70befdf2d03c005c1e5acd235a34)\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-07-vaaai-netflixchecker\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n","aliases":["SNYK-PYTHON-NETFETCHER-7924845"],"modified":"2026-03-19T12:55:13.846098Z","published":"2024-08-07T10:08:45Z","database_specific":{"malicious-packages-origins":[{"import_time":"2024-10-24T00:57:00.960858835Z","id":"RLMA-2024-08556","versions":["1.7.5"],"source":"reversing-labs","sha256":"f592111ed9f40359ad256e2ecab8855e971ac54fc6d3bfd80db702cf244b531c","modified_time":"2024-10-16T14:44:06Z"},{"import_time":"2025-12-02T22:30:55.356213247Z","id":"pypi/2024-07-vaaai-netflixchecker/netfetcher","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","sha256":"138ac0f63965ae2732aacc44c5790de75436f0d3ffe986848eecc536ccfdf0e2","modified_time":"2024-08-07T10:08:45Z"},{"import_time":"2025-12-02T23:07:18.387902721Z","id":"pypi/2024-07-vaaai-netflixchecker/netfetcher","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","sha256":"dd65e46cc7d6457bd5a631526d3e5ffcb10a70befdf2d03c005c1e5acd235a34","modified_time":"2024-08-07T10:08:45Z"},{"import_time":"2025-12-10T21:38:57.608789054Z","id":"pypi/2024-07-vaaai-netflixchecker/netfetcher","versions":["1.7.5"],"source":"kam193","sha256":"5c5250d468add900b6304f6c37c5f69306baf7c491dab057a93ea2440a2c35af","modified_time":"2024-08-07T10:08:45Z"},{"import_time":"2026-03-19T12:20:07.891854395Z","id":"RLUA-2026-00551","source":"reversing-labs","sha256":"e21d470a53dab5aafe5a301abb2681ed4a97da6b1ec2c711d50c3fe75e0e22dc","modified_time":"2026-03-18T12:16:26Z"}],"iocs":{"ips":["194.163.191.205"],"urls":["http://194.163.191.205:6963/api","http://194.163.191.205:6963/builds/Netflix_Checker.exe"]}},"references":[{"type":"WEB","url":"https://www.sonatype.com/blog/pyfetcher-netfetch-drop-netflix-checker-on-windows"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-PYTHON-NETFETCHER-7924845"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/netfetcher"}],"affected":[{"package":{"name":"netfetcher","ecosystem":"PyPI","purl":"pkg:pypi/netfetcher"},"versions":["1.7.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/netfetcher/MAL-2024-10049.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}