{"id":"MAL-2024-12351","summary":"Malicious code in spy-ai (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (d71096c3aa8cb143ba7fab208ab313a240e8f1f9846b17b947a01f729fc1864a)\nEvery time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is not mentioned in the package description. Instead, the description lures to offer advanced features.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-09-spider-ai\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-generic\n\n\n - A Telegram webhook is used to send collected data.\n\n\n - action-hidden-in-lib-usage\n","modified":"2026-04-22T23:03:33.943883Z","published":"2024-10-02T09:16:00Z","database_specific":{"iocs":{"domains":["01d73592-4d64-43f7-b664-ecd679686756-00-30a5f50srzeko.janeway.replit.dev"]},"malicious-packages-origins":[{"sha256":"751c9eeed2ec7246092237af521e06377fe0899fe815c11175a8cac1195d47c1","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/2024-09-spider-ai/spy-ai","modified_time":"2024-10-02T09:16:00Z","import_time":"2025-12-02T22:30:55.61039607Z","source":"kam193"},{"sha256":"d71096c3aa8cb143ba7fab208ab313a240e8f1f9846b17b947a01f729fc1864a","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/2024-09-spider-ai/spy-ai","modified_time":"2024-10-02T09:16:00Z","import_time":"2025-12-02T23:07:18.650248484Z","source":"kam193"},{"sha256":"1f14a74be2a5dc314937cc2e527ac9bb1b3d76c633b6d3bdfc72dfce460f7db6","versions":["1.0","1.1","0.1","1.1.0","1.0.0","0.1.3","1.0.1","1.1.3","1.1.1"],"id":"pypi/2024-09-spider-ai/spy-ai","modified_time":"2024-10-02T09:16:00Z","import_time":"2025-12-10T21:38:57.84021012Z","source":"kam193"},{"sha256":"9d5643ef1befe879e71d0d23d1827a7d8c333323bfec1e60b2653643f43f57f2","versions":["0.1","0.1.3","1.0","1.0.0","1.0.1","1.1","1.1.0","1.1.1","1.1.3"],"id":"pypi/2024-09-spider-ai/spy-ai","modified_time":"2024-10-02T09:16:00Z","import_time":"2025-12-30T22:39:04.186501234Z","source":"kam193"},{"sha256":"d7e2784981f9af026d1361f8018c5b19b43803bf376645650f5d22bc518d0d18","versions":["0.1","0.1.3","1.0.0","1.0","1.0.1","1.1","1.1.0","1.1.1","1.1.3"],"id":"pypi/2024-09-spider-ai/spy-ai","modified_time":"2024-10-02T09:16:00Z","import_time":"2026-04-22T21:21:55.457432174Z","source":"kam193"},{"sha256":"6d3eb4576e277cb131fa35dbca033b4cb3ebb35f810435997537b82deb88c2dc","versions":["0.1","0.1.3","1.0.0","1.0","1.0.1","1.1.0","1.1","1.1.1","1.1.3"],"id":"pypi/2024-09-spider-ai/spy-ai","modified_time":"2024-10-02T09:16:00Z","import_time":"2026-04-22T22:48:21.846293361Z","source":"kam193"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/spy-ai"}],"affected":[{"package":{"name":"spy-ai","ecosystem":"PyPI","purl":"pkg:pypi/spy-ai"},"versions":["1.0","1.1","0.1","1.1.0","1.0.0","0.1.3","1.0.1","1.1.3","1.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spy-ai/MAL-2024-12351.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}