{"id":"MAL-2024-12280","summary":"Malicious code in google-play-store (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b0f8bc12f61546bde84dd1d7a64519fcdc55ce875b71f3d8d848d2d5daa2248d)\nThis is a copy of https://pypi.org/project/play-scraper/ with added a very questionable \"telemetry\": in scraper.py, L90 sends the user hostname, IP and the exact local ID of scraped application to the package author.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2024-09-old-google-play-store\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - dependency-confusion\n\n\n - action-hidden-in-lib-usage\n\n\n - clones-real-package\n","modified":"2025-12-12T20:39:45.575636Z","published":"2024-10-01T11:25:46Z","database_specific":{"iocs":{"domains":["aliniami.atwebpages.com"],"urls":["http://aliniami.atwebpages.com/google.php"]},"malicious-packages-origins":[{"source":"kam193","id":"pypi/2024-09-old-google-play-store/google-play-store","modified_time":"2024-10-01T11:25:46Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"c0bd156480300a5c7b9a72d9863c6a67c8e1b9dcc0d9339fb5816d40e63a4a41","import_time":"2025-12-02T22:30:56.068591915Z"},{"source":"kam193","id":"pypi/2024-09-old-google-play-store/google-play-store","modified_time":"2024-10-01T11:25:46Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"b0f8bc12f61546bde84dd1d7a64519fcdc55ce875b71f3d8d848d2d5daa2248d","import_time":"2025-12-02T23:07:19.258989396Z"},{"source":"kam193","id":"pypi/2024-09-old-google-play-store/google-play-store","modified_time":"2024-10-01T11:25:46Z","sha256":"f7f8c5c260db753b5480b4805737ac76d2e8ea89ba3ec410762eadfc5a788a9d","versions":["0.6.0"],"import_time":"2025-12-10T21:38:58.400691486Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/google-play-store"}],"affected":[{"package":{"name":"google-play-store","ecosystem":"PyPI","purl":"pkg:pypi/google-play-store"},"versions":["0.6.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/google-play-store/MAL-2024-12280.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}