{"id":"MAL-2024-5479","summary":"Malicious code in pingdomv3 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (7b1fe453efd67c0475761e84e07029086b389cedfb367f38826c0d3339b62b01)\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-04-pingdomv3\n\n\nReasons (based on the campaign):\n\n\n - reuse-removed-name\n\n\n - obfuscation\n","aliases":["SNYK-PYTHON-PINGDOMV3-7911575"],"modified":"2026-03-19T12:55:23.341882Z","published":"2024-06-25T13:38:09Z","database_specific":{"malicious-packages-origins":[{"sha256":"00a5e2b57cf2513835ea68649af9099898c7e87d1e32448997846996e816f2b9","import_time":"2024-06-28T02:49:39.2195431Z","source":"reversing-labs","id":"RLMA-2024-04261","versions":["1.1.0"],"modified_time":"2024-06-25T13:38:09Z"},{"sha256":"8fc8e0ff2c04e8849ea90181be10fb4f16725ed4a426359534711dd0802a2518","import_time":"2024-10-24T00:59:35.447494555Z","source":"reversing-labs","id":"RLUA-2024-08689","versions":["0.1"],"modified_time":"2024-10-16T14:45:28Z"},{"sha256":"6dab266679decc6fb9cd654cccb5f12921c97012dac79703d0ed3859055279de","import_time":"2025-03-03T15:07:34.484108262Z","source":"reversing-labs","id":"RLUA-2025-01228","versions":["0.1.1","0.0.3","0.0.6","1.0.0","0.0.4","0.0.2"],"modified_time":"2025-03-03T13:45:08Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2025-12-02T22:30:55.429642142Z","source":"kam193","id":"pypi/2024-04-pingdomv3/pingdomv3","modified_time":"2024-09-05T10:50:02Z","sha256":"c5501b0e8e29fc5a8adb5676e0914d0fbb910f8ccc5faf0aad13d2dee2d7a87d"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2025-12-02T23:07:18.454918074Z","source":"kam193","id":"pypi/2024-04-pingdomv3/pingdomv3","modified_time":"2024-09-05T10:50:02Z","sha256":"7b1fe453efd67c0475761e84e07029086b389cedfb367f38826c0d3339b62b01"},{"sha256":"ef6d3ae3ce0d5313f14763990d06cdd34211a6d1abf80496dee226769eb2ddf2","import_time":"2025-12-10T21:38:57.670044284Z","source":"kam193","id":"pypi/2024-04-pingdomv3/pingdomv3","versions":["0.1","1.0.0","1.1.0"],"modified_time":"2024-09-05T10:50:02Z"},{"sha256":"26deafd6bb1c610ab0d6bff25c2d64988f186d59f53351b3b94184f5fe15fffe","import_time":"2026-03-19T12:20:12.172898776Z","source":"reversing-labs","id":"RLUA-2026-00592","modified_time":"2026-03-18T12:16:56Z"}]},"references":[{"type":"ARTICLE","url":"https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-PYTHON-PINGDOMV3-7911575"},{"type":"WEB","url":"https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/#real-world-revival-hijack-pingdomv3"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pingdomv3"},{"type":"ARTICLE","url":"https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/#real-world-revival-hijack-pingdomv3"}],"affected":[{"package":{"name":"pingdomv3","ecosystem":"PyPI","purl":"pkg:pypi/pingdomv3"},"versions":["1.1.0","0.1","0.1.1","0.0.3","0.0.6","1.0.0","0.0.4","0.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pingdomv3/MAL-2024-5479.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}