{"id":"MAL-2026-1325","summary":"Malicious code in synapseml-utils (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3)\nInstalling the package starts encrypting the user's file and demanding ransom for the decryption.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-synapseml-utils\n\n\nReasons (based on the campaign):\n\n\n - ransomware\n","modified":"2026-03-10T19:02:10.871418Z","published":"2026-03-10T17:57:54Z","database_specific":{"iocs":{"domains":["youjustgotbeamed.com"]},"malicious-packages-origins":[{"source":"kam193","versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5"],"modified_time":"2026-03-10T17:57:54.582238Z","sha256":"4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3","id":"pypi/2026-03-synapseml-utils/synapseml-utils","import_time":"2026-03-10T18:49:18.524686365Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/synapseml-utils"}],"affected":[{"package":{"name":"synapseml-utils","ecosystem":"PyPI","purl":"pkg:pypi/synapseml-utils"},"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/synapseml-utils/MAL-2026-1325.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}