{"id":"MAL-2024-5135","summary":"Malicious code in fefeefrrg (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (3aa8b4ce86737760d29f2bf87c18d7c195bf3c26d83205d1c9972216c0149146)\nInstalling the package starts an infostealer\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2023-12-fefeefrrg\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - exfiltration-generic\n\n\n - exfiltration-browser-data\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n","modified":"2026-03-19T12:53:10.340994Z","published":"2024-06-25T13:35:22Z","database_specific":{"malicious-packages-origins":[{"sha256":"476d201700857807312e04f094e863d61d7c51ef63c1edd56dbd4862f8c241e7","id":"RLMA-2024-03915","import_time":"2024-06-28T02:48:58.242365062Z","source":"reversing-labs","versions":["1.0"],"modified_time":"2024-06-25T13:35:22Z"},{"sha256":"4631f383d7ad30b59e92dad606c6c32efc4123bed5f450dbffe291761c1c93f9","id":"RLUA-2024-08271","import_time":"2024-10-24T00:59:11.891723101Z","source":"reversing-labs","modified_time":"2024-10-16T14:41:08Z"},{"sha256":"1881cf262285d7badb09b1dbbc35f309683aac98b03c2bf657900ef9827528d5","id":"pypi/2023-12-fefeefrrg/fefeefrrg","import_time":"2025-12-02T22:30:55.188503772Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2024-12-01T17:21:48Z"},{"sha256":"3aa8b4ce86737760d29f2bf87c18d7c195bf3c26d83205d1c9972216c0149146","id":"pypi/2023-12-fefeefrrg/fefeefrrg","import_time":"2025-12-02T23:07:18.19714083Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2024-12-01T17:21:48Z"},{"sha256":"5beaf4b1d416854b73dc3e35a815a42926342dde4d8f09fbf974fad1f9fe8e6f","id":"pypi/2023-12-fefeefrrg/fefeefrrg","import_time":"2025-12-10T21:38:57.482054104Z","source":"kam193","versions":["1.0"],"modified_time":"2024-12-01T17:21:48Z"},{"sha256":"e9cd3917ceece98595fe4b4d417e70143e6bb349265055a7148d7f866bb0dcf8","id":"RLUA-2026-00319","import_time":"2026-03-19T12:19:45.110388564Z","source":"reversing-labs","modified_time":"2026-03-18T12:13:49Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/fefeefrrg"}],"affected":[{"package":{"name":"fefeefrrg","ecosystem":"PyPI","purl":"pkg:pypi/fefeefrrg"},"versions":["1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/fefeefrrg/MAL-2024-5135.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}