{"id":"MAL-2024-10133","summary":"Malicious code in python-guild (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (e80e97d90a6fe86d94b3d80feac7f7f53e0eb1ee29320ebb7612cdf7a5449f3d)\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: spl-types-rentry-2024-07\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - crypto-related\n","modified":"2026-03-19T12:56:04.512539Z","published":"2024-07-03T17:04:18Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2024-09024","versions":["1.0.1"],"source":"reversing-labs","modified_time":"2024-10-16T14:48:53Z","sha256":"8b489da05e083d417aa16e0a0a0f6cd1b5e65b4ac634d298227505ae3b51b4c6","import_time":"2024-10-24T00:57:06.623508125Z"},{"id":"pypi/spl-types-rentry-2024-07/python-guild","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-07-03T17:04:18Z","sha256":"9bac5f81640e36153c1e0e5be192aea279c02675013295bfce88b8e919d28a94","import_time":"2025-12-02T22:30:55.491981919Z"},{"id":"pypi/spl-types-rentry-2024-07/python-guild","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-07-03T17:04:18Z","sha256":"e80e97d90a6fe86d94b3d80feac7f7f53e0eb1ee29320ebb7612cdf7a5449f3d","import_time":"2025-12-02T23:07:18.517094874Z"},{"id":"pypi/spl-types-rentry-2024-07/python-guild","versions":["1.0.1"],"source":"kam193","modified_time":"2024-07-03T17:04:18Z","sha256":"b2f5380fe9d9836754d9f555e2794872d932d38be521085dc195572e86e8eb73","import_time":"2025-12-10T21:38:57.736896357Z"},{"id":"RLUA-2026-00665","source":"reversing-labs","modified_time":"2026-03-18T12:17:48Z","sha256":"69b25db52530b501f15b70406727b607f309153a7608ac7480d80166702cede3","import_time":"2026-03-19T12:20:18.552911474Z"}]},"references":[{"type":"WEB","url":"https://checkmarx.com/blog/stackexchange-abused-to-spread-malicious-python-package-that-drains-victims-crypto-wallets/"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/python-guild"},{"type":"ARTICLE","url":"https://checkmarx.com/blog/stackexchange-abused-to-spread-malicious-python-package-that-drains-victims-crypto-wallets"}],"affected":[{"package":{"name":"python-guild","ecosystem":"PyPI","purl":"pkg:pypi/python-guild"},"versions":["1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/python-guild/MAL-2024-10133.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}