{"id":"MAL-2024-10179","summary":"Malicious code in uconst (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (cc4ce4d1709ad506513007356fd414ca83c1aa848f9134e952c4b760194428c6)\nPackage \"uconst\" is the package containing malicious code with multiple stage, exfiltrating basic info as well as browser data. It's put into others as dependency.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-08-uconst-old\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - Downloads and executes a remote executable.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n","modified":"2026-03-19T12:58:58.410219Z","published":"2024-08-14T22:01:30Z","database_specific":{"malicious-packages-origins":[{"sha256":"9175010462ad636ec5813f6478c062e03a63ccb0ee009c3bf01f1db999a40a4a","id":"RLMA-2024-09455","import_time":"2024-10-24T00:57:10.208234888Z","source":"reversing-labs","versions":["1.0.0rc1","1.0.0","1.0.1","1.0.2"],"modified_time":"2024-10-16T14:53:17Z"},{"sha256":"8ea8426ed09014407e1aa4060f5913904a0be81975c1b3a9521d8950ac5a303b","id":"pypi/2024-08-uconst-old/uconst","import_time":"2025-12-02T22:30:55.688016953Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2024-08-14T22:01:30Z"},{"sha256":"cc4ce4d1709ad506513007356fd414ca83c1aa848f9134e952c4b760194428c6","id":"pypi/2024-08-uconst-old/uconst","import_time":"2025-12-02T23:07:18.734297739Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2024-08-14T22:01:30Z"},{"sha256":"e606007896b8e5ae4cdd0a13e41487b68d5c2c822db34d35fb5d9679bd357f15","id":"pypi/2024-08-uconst-old/uconst","import_time":"2025-12-10T21:38:57.906258736Z","source":"kam193","versions":["1.0.0"],"modified_time":"2024-08-14T22:01:30Z"},{"sha256":"cd22a2c39c3c613666ec96db47b474c8450f88a91ed4a854b1895310734c5b53","id":"RLUA-2026-00869","import_time":"2026-03-19T12:20:38.543076082Z","source":"reversing-labs","modified_time":"2026-03-18T12:19:57Z"}],"iocs":{"domains":["lucky-tubes.000webhostapp.com"],"urls":["http://89.23.105.103:809/lin","http://89.23.105.103:809/win","http://89.23.105.103/eny","https://lucky-tubes.000webhostapp.com/log.php?data=sent"],"ips":["89.23.105.103"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/uconst"}],"affected":[{"package":{"name":"uconst","ecosystem":"PyPI","purl":"pkg:pypi/uconst"},"versions":["1.0.0rc1","1.0.0","1.0.1","1.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/uconst/MAL-2024-10179.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}