{"id":"MAL-2025-6248","summary":"Malicious code in foundry-jupyter-extension (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (8114162af3676e6c75f96e1dc953dae363e41fab4e9b3ce75a84b261aece0113)\nInstalling or importing the module triggers exfiltration of environmental variables\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-foundry-jupyter-extension\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (18120bcaae1e9da4251368d123f8dfe860d3c2af2fbbb8393d2a323c5c8571f2)\nThe OpenSSF Package Analysis project identified 'foundry-jupyter-extension' @ 0.23.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-12-12T20:39:39.421034Z","published":"2025-07-26T01:36:46Z","database_specific":{"malicious-packages-origins":[{"versions":["0.23.0"],"sha256":"18120bcaae1e9da4251368d123f8dfe860d3c2af2fbbb8393d2a323c5c8571f2","source":"ossf-package-analysis","import_time":"2025-07-26T02:40:15.433782373Z","modified_time":"2025-07-26T01:36:46Z"},{"id":"pypi/2025-07-foundry-jupyter-extension/foundry-jupyter-extension","sha256":"33ddd7b7b48ab562ae5eabf7493831b302bbf4d725307e51e7563947ddfeefbb","source":"kam193","import_time":"2025-12-02T22:30:55.204615822Z","modified_time":"2025-07-26T12:26:59.241844Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"id":"pypi/2025-07-foundry-jupyter-extension/foundry-jupyter-extension","sha256":"8114162af3676e6c75f96e1dc953dae363e41fab4e9b3ce75a84b261aece0113","source":"kam193","import_time":"2025-12-02T23:07:18.213470314Z","modified_time":"2025-07-26T12:26:59.241844Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"id":"pypi/2025-07-foundry-jupyter-extension/foundry-jupyter-extension","sha256":"b151318ecdd7d06f606841bd6b827b3f6a5b968907db8b96e74cd739e51368a7","source":"kam193","import_time":"2025-12-10T21:38:57.498620476Z","modified_time":"2025-07-26T12:26:59.241844Z","versions":["0.20.0","0.21.0","0.22.0","0.23.0","800.23.0"]}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/foundry-jupyter-extension"}],"affected":[{"package":{"name":"foundry-jupyter-extension","ecosystem":"PyPI","purl":"pkg:pypi/foundry-jupyter-extension"},"versions":["0.23.0","0.20.0","0.21.0","0.22.0","800.23.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/foundry-jupyter-extension/MAL-2025-6248.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}