{"id":"MAL-2026-2519","summary":"Malicious code in just4testlm (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811)\nThe package likely tests different malicious techniques and delivering payload in setup.py. Different versions, like 0.1.0, 0.4.0 or 0.9.0 contain malicious payload in setup.py that either run remote script or exfiltrate env variables during installation. The malicious versions are also quickly removed and replaced with versions without malicious code.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-just4testlm\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote malicious script.\n\n\n - exfiltration-env-variables\n","modified":"2026-04-09T08:46:53.852711Z","published":"2026-04-09T07:28:17Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-04-09T07:42:34.161539179Z","sha256":"512c9983d4d153d1cf4bae9fffbddc13d5a5f58573dd4ea042dca9e43cac964b","versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0","0.9.1","0.9.2"],"id":"pypi/GENERIC-questionable-pentest/just4testlm","source":"kam193","modified_time":"2026-04-09T07:28:56.971481Z"},{"import_time":"2026-04-09T08:38:22.247537267Z","sha256":"5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811","versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0","0.9.1","0.9.2","0.9.3"],"id":"pypi/2026-03-just4testlm/just4testlm","source":"kam193","modified_time":"2026-04-09T08:22:13.143434Z"}],"iocs":{"urls":["https://just4testlm.tos-cn-hongkong.volces.com/run.sh"],"domains":["just4testlm.tos-cn-hongkong.volces.com","pipi.8d90982c.cdn.cloudops.ink","cloudops.ink"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/just4testlm"}],"affected":[{"package":{"name":"just4testlm","ecosystem":"PyPI","purl":"pkg:pypi/just4testlm"},"versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0","0.9.1","0.9.2","0.9.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/just4testlm/MAL-2026-2519.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}