{"id":"MAL-2026-3034","summary":"Malicious code in ort-moe (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b07b0d9d87f411b1c481f50084190fdde34edfeb1c9b10368a23abba0ccbcbdc)\nDuring import, package collects basic information about the system, performs deep fingerprinting, and reports the data to the remote target. The package description attempts to build a false impression that it's an official package. The name refers to either ONNYX runtime, or the Pytorch package never released to the PyPI: https://github.com/pytorch/ort/blob/89466e524b0abe3a134418a50beeb405e287cedc/ort_moe/setup.py#L11\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-promptflow-runtime\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - dependency-confusion\n\n\n - impersonation\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n","modified":"2026-04-25T15:32:02.664388Z","published":"2026-04-25T14:47:54Z","database_specific":{"iocs":{"domains":["ttder9qf90.execute-api.us-east-1.amazonaws.com"]},"malicious-packages-origins":[{"source":"kam193","sha256":"b07b0d9d87f411b1c481f50084190fdde34edfeb1c9b10368a23abba0ccbcbdc","versions":["9.0.0"],"modified_time":"2026-04-25T14:47:54.935422Z","id":"pypi/2026-04-promptflow-runtime/ort-moe","import_time":"2026-04-25T15:19:06.820242078Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/ort-moe"}],"affected":[{"package":{"name":"ort-moe","ecosystem":"PyPI","purl":"pkg:pypi/ort-moe"},"versions":["9.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ort-moe/MAL-2026-3034.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}