{"id":"MAL-2026-2290","summary":"Malicious code in iwantsafecheckit (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (c982c88e841ae349f894f45b27e07f7154a252963ec05ff8e9536f46102e6ecf)\nDuring installation the package downloads and installs two executables identified as backdoors trojans.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-thisismytest123\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - backdoor\n\n\n - malware\n\n## Source: ossf-package-analysis (388915d99ad3e370a59631112b6a0b784801e257e13f0f9855a2a340c4f068f0)\nThe OpenSSF Package Analysis project identified 'iwantsafecheckit' @ 2.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-29T22:16:52.240589Z","published":"2026-03-29T13:31:21Z","database_specific":{"iocs":{"urls":["http://8.217.174.149:8888/supershell/compile/download/java","https://shim.oss-cn-hongkong.aliyuncs.com/shim","https://shim.oss-cn-hongkong.aliyuncs.com/shim.conf"]},"malicious-packages-origins":[{"modified_time":"2026-03-29T13:35:48.567367Z","sha256":"c982c88e841ae349f894f45b27e07f7154a252963ec05ff8e9536f46102e6ecf","source":"kam193","versions":["2.0.0"],"id":"pypi/2026-03-thisismytest123/iwantsafecheckit","import_time":"2026-03-29T14:15:26.489189423Z"},{"versions":["2.0.0"],"import_time":"2026-03-29T22:10:45.900222856Z","modified_time":"2026-03-29T13:31:21Z","sha256":"388915d99ad3e370a59631112b6a0b784801e257e13f0f9855a2a340c4f068f0","source":"ossf-package-analysis"}]},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/d06d2288d3aa76675947137279e6db4d5a31d3ab3a46720d15df4c4d2d52b9d3/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/28d6c2c26ed631981fc9575a452b45b8b741d172769d5d8366a4269536236ab3/detection"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/iwantsafecheckit"}],"affected":[{"package":{"name":"iwantsafecheckit","ecosystem":"PyPI","purl":"pkg:pypi/iwantsafecheckit"},"versions":["2.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/iwantsafecheckit/MAL-2026-2290.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}