{"id":"MAL-2024-11582","summary":"Malicious code in eosio-signer (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (647b75de784ff7b23edb8a5b76d1a017b02d1fd719c6a5a92587fa8d89c25abf)\nInstalling the package exfiltrates basic data about the system\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2024-11-eosio-signer\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n","modified":"2026-03-19T12:52:50.667410Z","published":"2024-11-14T16:51:31Z","database_specific":{"iocs":{"ips":["61.28.229.27"]},"malicious-packages-origins":[{"source":"reversing-labs","import_time":"2024-12-09T14:38:43.416786202Z","versions":["0.0.1","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"],"modified_time":"2024-12-09T06:50:11Z","id":"RLMA-2024-11032","sha256":"49b081a309f74fbc6bda456b2ec45d9a3a1e918f0473c5368b5c4181092a0b7b"},{"source":"kam193","import_time":"2025-12-02T22:30:56.011372777Z","sha256":"a6251de30a6e6eeb2f67a5caef58223ebcdcf1a6113d45181830175ec4fbc3f2","modified_time":"2024-11-14T16:51:31Z","id":"pypi/2024-11-eosio-signer/eosio-signer","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"source":"kam193","import_time":"2025-12-02T23:07:19.210059901Z","sha256":"647b75de784ff7b23edb8a5b76d1a017b02d1fd719c6a5a92587fa8d89c25abf","modified_time":"2024-11-14T16:51:31Z","id":"pypi/2024-11-eosio-signer/eosio-signer","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"source":"kam193","import_time":"2025-12-10T21:38:58.347434307Z","versions":["0.0.1","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"],"modified_time":"2024-11-14T16:51:31Z","id":"pypi/2024-11-eosio-signer/eosio-signer","sha256":"ca0b2c48f8c80d6ee0e3957aeeb1ab4e7361acd9f6bdf62cbc67ebfad6b10186"},{"source":"reversing-labs","import_time":"2026-03-19T12:19:43.049993689Z","modified_time":"2026-03-18T12:13:34Z","id":"RLUA-2026-00297","sha256":"4e6eb69e6caddb6bb72ea6b04afba8aee8de66cc9293ef88d0cd6fe28a645491"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/eosio-signer"}],"affected":[{"package":{"name":"eosio-signer","ecosystem":"PyPI","purl":"pkg:pypi/eosio-signer"},"versions":["0.0.1","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/eosio-signer/MAL-2024-11582.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}