{"id":"MAL-2025-5096","summary":"Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac)\nDuring the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data (basic IP/username info, as well as .gitconfig) to a remote target.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-ai-labs-snippets-sdk\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - exfiltration-generic\n\n\n - impersonation\n","modified":"2026-03-19T12:50:10.161614Z","published":"2025-05-19T15:43:26Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2025-02993","source":"reversing-labs","sha256":"09496bdfd919482ae61650986520dcddefcc4bfb59d096a3d08b9d8d87201570","modified_time":"2025-06-18T10:15:01Z","import_time":"2025-06-18T15:05:59.242582281Z","versions":["1.0.0","2.0.0","2.1.0"]},{"id":"pypi/2025-05-ai-labs-snippets-sdk/aliyun-ai-labs-snippets-sdk","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"8d5c6c189f541e861379203e450c284ab9d8fa81eccaeb03d8abad076e8f1954","modified_time":"2025-05-19T15:43:26Z","import_time":"2025-12-02T22:30:54.899160626Z","source":"kam193"},{"id":"pypi/2025-05-ai-labs-snippets-sdk/aliyun-ai-labs-snippets-sdk","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac","modified_time":"2025-05-19T15:43:26Z","import_time":"2025-12-02T23:07:17.942847722Z","source":"kam193"},{"id":"pypi/2025-05-ai-labs-snippets-sdk/aliyun-ai-labs-snippets-sdk","source":"kam193","sha256":"c0224ee10c119727e17c4442ea2e501218589bcfd621e195ed4d4fa011d7dbac","modified_time":"2025-05-19T15:43:26Z","import_time":"2025-12-10T21:38:57.249542393Z","versions":["1.0.0","2.0.0","2.1.0"]},{"id":"RLUA-2025-06552","source":"reversing-labs","sha256":"5ef61ced1119a091ad615414ea163fd85456d449b612e8c5508da1cff9796669","modified_time":"2025-12-23T08:37:54Z","import_time":"2025-12-24T10:07:36.432004327Z"},{"id":"pypi/2025-05-ai-labs-snippets-sdk/aliyun-ai-labs-snippets-sdk","source":"kam193","sha256":"f082f98216f081d7b498cd2dbd7df7e333e2ba9acd6cc8bfa12e488bcc4507c3","modified_time":"2025-05-19T15:43:26Z","import_time":"2026-02-16T14:22:21.499999052Z","versions":["1.0.0","2.0.0","2.1.0"]},{"id":"RLUA-2026-00057","source":"reversing-labs","sha256":"9c1355c281750ba7eb9c46080699ee679876c5df96ef500060960a79f39d7d03","modified_time":"2026-03-18T12:10:55Z","import_time":"2026-03-19T12:19:21.772125899Z"}],"iocs":{"domains":["aksjdbajkb2jeblad.oss-cn-hongkong.aliyuncs.com"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/aliyun-ai-labs-snippets-sdk"},{"type":"ARTICLE","url":"https://www.reversinglabs.com/blog/malicious-attack-method-on-hosted-ml-models-now-targets-pypi"},{"type":"WEB","url":"https://www.reversinglabs.com/blog/malicious-attack-method-on-hosted-ml-models-now-targets-pypi"}],"affected":[{"package":{"name":"aliyun-ai-labs-snippets-sdk","ecosystem":"PyPI","purl":"pkg:pypi/aliyun-ai-labs-snippets-sdk"},"versions":["1.0.0","2.0.0","2.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aliyun-ai-labs-snippets-sdk/MAL-2025-5096.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}