{"id":"MAL-2026-255","summary":"Malicious code in haqawi (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4)\nPackage is designed to download and execute a remote script, which then downloads and runs a malicious executable\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-pdatainstaller\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - Downloads and executes a remote malicious script.\n\n\n - malware\n","modified":"2026-01-19T07:28:11.706794Z","published":"2026-01-14T21:16:14Z","database_specific":{"iocs":{"urls":["https://pastebin.com/raw/s5WB7EtG","https://pastebin.com/raw/c3uYVYbT","https://github.com/uunnkknnoowwnn/dang/raw/refs/heads/main/svchost.exe","https://github.com/yoseffalrg-droid/Reall/raw/refs/heads/main/svchost.exe","https://pastebin.com/raw/neRRCVv5"]},"malicious-packages-origins":[{"source":"kam193","modified_time":"2026-01-14T21:16:14.132548Z","import_time":"2026-01-14T21:39:18.446423792Z","versions":["1.0.0"],"sha256":"6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4","id":"pypi/2025-12-pdatainstaller/haqawi"},{"source":"kam193","modified_time":"2026-01-14T21:16:14.132548Z","import_time":"2026-01-19T07:14:29.758568227Z","versions":["1.0.0"],"sha256":"23c2cdecbf27a1a747111aa3e45d451bbdcb9257cd174749432fd574abb89b3f","id":"pypi/2025-12-pdatainstaller/haqawi"}]},"references":[{"type":"WEB","url":"https://www.virustotal.com/gui/file-analysis/NzcxYTcyZDQxMzc0ZDUwNTk4MDY4OTE3Y2U3MzdhNDY6MTc2NzQwMTQwOQ=="},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/haqawi"}],"affected":[{"package":{"name":"haqawi","ecosystem":"PyPI","purl":"pkg:pypi/haqawi"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/haqawi/MAL-2026-255.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}