{"id":"MAL-2024-6062","summary":"Malicious code in sys-ej (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n","aliases":["SNYK-PYTHON-SYSEJ-3177760"],"modified":"2024-10-24T01:01:59Z","published":"2024-06-25T13:43:00Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-06-25T13:43:00Z","import_time":"2024-06-28T02:50:51.669340465Z","id":"RLMA-2024-04865","versions":["0.1.0"],"sha256":"6e43dec9e257707914245d5e9cd87b43ba966922b85da9d44ab8f35ee824926f","source":"reversing-labs"},{"modified_time":"2024-10-16T14:52:02Z","import_time":"2024-10-24T01:00:14.967479807Z","id":"RLUA-2024-09333","sha256":"41fb7d839f7bb0ff34f48a204faced6a6e106d62aaf61adbb7e21b51713d580d","source":"reversing-labs"}]},"references":[{"type":"ARTICLE","url":"https://blog.phylum.io/phylum-discovers-new-stealer-variants-in-burgeoning-pypi-supply-chain-attack/"},{"type":"ARTICLE","url":"https://www.bleepingcomputer.com/news/security/hackers-bombard-pypi-platform-with-information-stealing-malware"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-PYTHON-SYSEJ-3177760"}],"affected":[{"package":{"name":"sys-ej","ecosystem":"PyPI","purl":"pkg:pypi/sys-ej"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sys-ej/MAL-2024-6062.json"}}],"schema_version":"1.7.3","credits":[{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}