{"id":"MAL-2024-9952","summary":"Malicious code in browser-cookies3 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (ac253e47b0fa143074f6239c3c84b3ecd3521d37f71c4f92937f53cafc5067b5)\nPackage contains a compiled infostealer that is started instead of promised functionality\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2024-08-dirutils\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n -\n","aliases":["SNYK-PYTHON-BROWSERCOOKIES3-8185018"],"modified":"2026-03-19T12:51:23.812414Z","published":"2024-09-06T12:16:03Z","database_specific":{"iocs":{"urls":["https://discord.com/api/webhooks/1280529043107614733/woxM-qRJ5KY4nkCILD9TFi0VuJwN-ewQ52ZqbAoeLMaYxfP7hRUErYIMusugirIWB42D","https://discordapp.com/api/webhooks/1284874320556064859/IRz_BFstxKu2-8cHHoF5xEXV4QYYQXkOAI8RwZJ317fJQGRxtbcPcYBeEnwv4dNM9NbZ"]},"malicious-packages-origins":[{"versions":["1.1"],"modified_time":"2024-10-16T14:37:09Z","id":"RLMA-2024-07894","source":"reversing-labs","sha256":"1fd16f1c8b35abebeb1e90e2f461276f7b43d5e79d3eda77a51cb7c40f3115d3","import_time":"2024-10-24T00:56:54.155450221Z"},{"modified_time":"2025-03-03T13:44:43Z","id":"RLUA-2025-01204","source":"reversing-labs","sha256":"8ec9f52bcc3a58243396d77c8396cb930e08c25523c8b78dea7c68a2307f6651","import_time":"2025-03-03T15:07:33.852544162Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2024-09-06T12:16:03Z","id":"pypi/2024-08-dirutils/browser-cookies3","source":"kam193","sha256":"4529ee7157c7665fecc2f4b527ed7f938377f6599c082e8c3fe86593dc37afff","import_time":"2025-12-02T22:30:55.007185244Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2024-09-06T12:16:03Z","id":"pypi/2024-08-dirutils/browser-cookies3","source":"kam193","sha256":"ac253e47b0fa143074f6239c3c84b3ecd3521d37f71c4f92937f53cafc5067b5","import_time":"2025-12-02T23:07:18.033710261Z"},{"versions":["1.1"],"modified_time":"2024-09-06T12:16:03Z","id":"pypi/2024-08-dirutils/browser-cookies3","source":"kam193","sha256":"6aa5796d9bc82229c0f0364579db2d44619ec9869ed1e665d1cb9692112808db","import_time":"2025-12-10T21:38:57.327189739Z"},{"modified_time":"2026-03-18T12:12:02Z","id":"RLUA-2026-00157","source":"reversing-labs","sha256":"1e558f0477c72bd84d2c0899491448bef0c2df923689840e2a9993e96842010f","import_time":"2026-03-19T12:19:30.400122717Z"}]},"references":[{"type":"ARTICLE","url":"https://socket.dev/blog/typosquatting-on-pypi-malicious-package-mimics-popular-browser-cookie-library"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-PYTHON-BROWSERCOOKIES3-8185018"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/f754903e1fec996a10be31f9654f159354f0de1d17de9325cbd468f66ee69cd2/behavior"},{"type":"EVIDENCE","url":"https://tria.ge/240906-nzwrgavapk/behavioral2"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/d7e3402341dcba66a6ed3e92889c655aa08d5103d1a65133f0a05f12d9390bb4"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/browser-cookies3"}],"affected":[{"package":{"name":"browser-cookies3","ecosystem":"PyPI","purl":"pkg:pypi/browser-cookies3"},"versions":["1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/browser-cookies3/MAL-2024-9952.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}