{"id":"MAL-2026-10758","summary":"Malicious code in mfq-private-encoder (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6f2c0f78a3c5677481645e05e125f32273435610a1208a17ca4f852cb7f56b0e)\nThe package advertises a Python source-code encoder but has no local codec. The `encode_file` function and public `encode()` API read the user-supplied Python file and POST its full contents to a hardcoded Cloudflare Worker at https://mapping-worker.email-ecf.workers.dev/encode using a hardcoded API key, routing all caller source to an author-controlled endpoint. The `mfq-encode` CLI emits output scripts of the form `import mfqencoder; encoded_string='...'; exec(mfqencoder.decode(encoded_string))`, where `mfqencoder.decode` POSTs to https://mapping-worker.email-ecf.workers.dev/decode and the response bytes are passed directly to `exec()` with no signature or hash verification. Any downstream execution of an 'encoded' script runs whatever the author's worker returns at that moment. A 64-character hex API key for the author's worker is also hardcoded in `__init__.py`, `encoder.py`, and `decoder.py`.\n","modified":"2026-07-16T19:20:02.518100770Z","published":"2026-07-16T18:48:40Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.0"],"id":"IN-MAL-2026-010793","import_time":"2026-07-16T18:54:05.184854042Z","modified_time":"2026-07-16T18:48:40Z","sha256":"6f2c0f78a3c5677481645e05e125f32273435610a1208a17ca4f852cb7f56b0e","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/MFQ-Private-Encoder/1.0.0/"}],"affected":[{"package":{"name":"mfq-private-encoder","ecosystem":"PyPI","purl":"pkg:pypi/mfq-private-encoder"},"versions":["1.0.0"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"hashes":{"blake2b_256":"a33a943f17b72380750b18d6b241dba95a53116e37e07e80b35af21c891151bc","md5":"41b21850a0be57dcbd8b02af4ae9571b","sha256":"7d0d181c40bb8f406cb1fbf055407c709dd6e9bf7d28e6540e317c16fda9659d"},"filename":"mfq_private_encoder-1.0.0-py3-none-any.whl"},{"filename":"mfq_private_encoder-1.0.0.tar.gz","hashes":{"blake2b_256":"cc94af2414f8d8077b15cd52d016472f6d80ee097ea208147b04af8e7b216e20","md5":"255b475e0a760121e5072206e812565b","sha256":"32ac6fb0a0352529af75988d0d7fa26b1fb65d76da6e7dd54f90df12d9762d1e"}}],"evidence_files":[{"path":"mfqencoder/encoder.py","sha256":"7d6ef501d82acb28bc36a82e3379a9451653ec58fded92eed7b9abee3ba85d34","tlsh":"a1313112ccc29651af83c16c086e990d523db5271760a5603e6c1be83f4ab33d9f38bd"},{"sha256":"6483b4991aeea1b90575cda93cf5bbe41f74211f1b45da000bba1ec6d959d017","tlsh":"b311ce86ed2152417f4b83a8c817590b697c6d3a15e87048beac126c6f4fff6d070177","path":"mfqencoder/__init__.py"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mfq-private-encoder/MAL-2026-10758.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}