{"id":"MAL-2024-9951","summary":"Malicious code in browser-cookies1 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (5cabd14fc21e5314fd1778bac4e49f0cb8a145e773e147666070d85aa60e422c)\nPackage contains a compiled infostealer that is started instead of promised functionality\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-08-dirutils\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n -\n","modified":"2026-03-19T12:51:22.442238Z","published":"2024-09-06T12:16:03Z","database_specific":{"malicious-packages-origins":[{"versions":["1.1"],"import_time":"2024-10-24T00:56:53.97011277Z","id":"RLMA-2024-07893","sha256":"509777ac01f9c2c48accd7534acf1a46b1b1e42545e3786e22b86ad54879e79a","source":"reversing-labs","modified_time":"2024-10-16T14:37:08Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2025-12-02T22:30:55.005830531Z","id":"pypi/2024-08-dirutils/browser-cookies1","sha256":"0c460b56a0ff44db38f7f621f373a5f2b941d651aa5ab194d1340b5416919afe","source":"kam193","modified_time":"2024-09-06T12:16:03Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2025-12-02T23:07:18.03274592Z","id":"pypi/2024-08-dirutils/browser-cookies1","sha256":"5cabd14fc21e5314fd1778bac4e49f0cb8a145e773e147666070d85aa60e422c","source":"kam193","modified_time":"2024-09-06T12:16:03Z"},{"versions":["1.1"],"import_time":"2025-12-10T21:38:57.32623012Z","id":"pypi/2024-08-dirutils/browser-cookies1","sha256":"45a8ff710f7cba3f30db164b6fac21bafd81a08e7e41a496b6ffb135d16d85e9","source":"kam193","modified_time":"2024-09-06T12:16:03Z"},{"import_time":"2026-03-19T12:19:30.181475723Z","id":"RLUA-2026-00156","sha256":"df8e5d1a6d2e9ffc9aa040d23186fd1b800b8b6edf11e535e00b41680033a302","source":"reversing-labs","modified_time":"2026-03-18T12:12:01Z"}],"iocs":{"urls":["https://discord.com/api/webhooks/1280529043107614733/woxM-qRJ5KY4nkCILD9TFi0VuJwN-ewQ52ZqbAoeLMaYxfP7hRUErYIMusugirIWB42D","https://discordapp.com/api/webhooks/1284874320556064859/IRz_BFstxKu2-8cHHoF5xEXV4QYYQXkOAI8RwZJ317fJQGRxtbcPcYBeEnwv4dNM9NbZ"]}},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/f754903e1fec996a10be31f9654f159354f0de1d17de9325cbd468f66ee69cd2/behavior"},{"type":"EVIDENCE","url":"https://tria.ge/240906-nzwrgavapk/behavioral2"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/d7e3402341dcba66a6ed3e92889c655aa08d5103d1a65133f0a05f12d9390bb4"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/browser-cookies1"}],"affected":[{"package":{"name":"browser-cookies1","ecosystem":"PyPI","purl":"pkg:pypi/browser-cookies1"},"versions":["1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/browser-cookies1/MAL-2024-9951.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}