{"id":"MAL-2024-10116","summary":"Malicious code in pyfetcher-vaaai (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (f237a360d6c502e99989196a60d6a7f7fc66731df01c9412c4d5e1eb00d7d8f9)\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-07-vaaai-netflixchecker\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-03-19T12:55:44.121094Z","published":"2024-08-07T10:08:45Z","database_specific":{"iocs":{"urls":["http://194.163.191.205:6963/api","http://194.163.191.205:6963/builds/Netflix_Checker.exe"],"ips":["194.163.191.205"]},"malicious-packages-origins":[{"source":"reversing-labs","sha256":"220074e4fda2b4d6f5d81df632de0f9df081097d5bb37596692893de8880bda4","modified_time":"2024-10-16T14:47:55Z","versions":["1.7.2"],"id":"RLMA-2024-08927","import_time":"2024-10-24T00:57:05.496010899Z"},{"source":"kam193","sha256":"a47780297e2fb40a55116ed8acd23400d15e72e61b651d7bd1b94265a0299a2f","modified_time":"2024-08-07T10:08:45Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"id":"pypi/2024-07-vaaai-netflixchecker/pyfetcher-vaaai","import_time":"2025-12-02T22:30:55.46411636Z"},{"source":"kam193","sha256":"f237a360d6c502e99989196a60d6a7f7fc66731df01c9412c4d5e1eb00d7d8f9","modified_time":"2024-08-07T10:08:45Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"id":"pypi/2024-07-vaaai-netflixchecker/pyfetcher-vaaai","import_time":"2025-12-02T23:07:18.488466755Z"},{"source":"kam193","sha256":"9eff06e79a85855948c9bad1f00713ac42c6c74bae3469cc9c8d6551b6603ac9","modified_time":"2024-08-07T10:08:45Z","versions":["1.7.2"],"id":"pypi/2024-07-vaaai-netflixchecker/pyfetcher-vaaai","import_time":"2025-12-10T21:38:57.70377323Z"},{"sha256":"c7ebedea96a0dd6f1e2890aa7d7c182db10ec5157da54079b2e9aeaede341e72","modified_time":"2026-03-18T12:17:26Z","source":"reversing-labs","id":"RLUA-2026-00632","import_time":"2026-03-19T12:20:15.510938953Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pyfetcher-vaaai"}],"affected":[{"package":{"name":"pyfetcher-vaaai","ecosystem":"PyPI","purl":"pkg:pypi/pyfetcher-vaaai"},"versions":["1.7.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyfetcher-vaaai/MAL-2024-10116.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}