{"id":"MAL-2024-11745","summary":"Malicious code in vizplotlib (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (198e2d1a1b349ccb49cf0b7f0e25594a096a2bead4a732926c5862cf0764b012)\nRunning the module triggers obfuscated code that downloads a DLL containing reverse shell and injects it to a benign process.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-10-alfooou\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - obfuscation\n","modified":"2026-03-19T12:58:09.166732Z","published":"2024-10-03T15:11:09Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2024-11206","versions":["1.0.3"],"sha256":"222efa5a026444e3f648b4959eab0ccc926ca976a6e0cad30d014ce75e6e9a35","source":"reversing-labs","modified_time":"2024-12-09T06:51:27Z","import_time":"2024-12-09T14:38:50.870838128Z"},{"id":"pypi/2024-10-alfooou/vizplotlib","sha256":"fa10782ed95e3d086b3eead0a8ca3f298693dfdc2baf06a4736c470545070a41","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-10-03T15:11:09Z","import_time":"2025-12-02T22:30:55.71559917Z"},{"id":"pypi/2024-10-alfooou/vizplotlib","sha256":"198e2d1a1b349ccb49cf0b7f0e25594a096a2bead4a732926c5862cf0764b012","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-10-03T15:11:09Z","import_time":"2025-12-02T23:07:18.755309834Z"},{"id":"pypi/2024-10-alfooou/vizplotlib","versions":["1.0.3"],"sha256":"87eb682fe330f0725991e7f5b9f5e2043c87865445f53e507b996bb4bb01ffbd","source":"kam193","modified_time":"2024-10-03T15:11:09Z","import_time":"2025-12-10T21:38:57.925722562Z"},{"id":"RLUA-2026-00894","sha256":"676971cebaad0a22bcb9e9a5eed511aebb7ce6137ba73f4a4fdda421d33c33cc","source":"reversing-labs","modified_time":"2026-03-18T12:20:14Z","import_time":"2026-03-19T12:20:41.136064605Z"}],"iocs":{"urls":["http://ec2-3-84-149-132.compute-1.amazonaws.com:3232/windows_dll"]}},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/042a7518512ab61a1ed52cc16c637905c70ebbab55a766fa63ced504ba61945b"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/vizplotlib"}],"affected":[{"package":{"name":"vizplotlib","ecosystem":"PyPI","purl":"pkg:pypi/vizplotlib"},"versions":["1.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/vizplotlib/MAL-2024-11745.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}