{"id":"MAL-2026-3100","summary":"Malicious code in fetch-data-api-syncapi (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d)\nThe package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code was not automatically started, suggesting it's just a part of a campaign.  Based on the dynamic analysis, the executable is likely an infostealer.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-fetch-data-api-syncapi\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n","modified":"2026-04-28T20:30:55.210225Z","published":"2026-04-27T16:31:55Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-04-27T16:31:55.462435Z","versions":["0.1.0","0.1.1","0.1.2"],"source":"kam193","sha256":"34f49fb4dcc6dd862bda7af4b571916ff47fd4c857158104c8d0a7e5d0af379d","import_time":"2026-04-27T17:04:24.600796456Z","id":"pypi/2026-04-fetch-data-api-syncapi/fetch-data-api-syncapi"},{"modified_time":"2026-04-27T16:31:55.462435Z","versions":["0.1.0","0.1.1","0.1.2"],"source":"kam193","sha256":"dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d","import_time":"2026-04-28T20:03:03.347584516Z","id":"pypi/2026-04-fetch-data-api-syncapi/fetch-data-api-syncapi"}],"iocs":{"urls":["https://www.dropbox.com/scl/fi/g9n5elasjy54dl2kwfntg/MonitorClient.exe?rlkey=wync0ieqrytdi12bugsw6hzu7&st=tf3r09pi&dl=1"],"domains":["botconfig4.nurmohammadrafi9966.workers.dev"]}},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/7f6bb9cb5118cde0e476e4a41e6bd31027b2cc3b678112e25da3c68e2421a8a6/detection"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/fetch-data-api-syncapi"},{"type":"WEB","url":"https://www.virustotal.com/gui/file-analysis/NmFjNTE4MGI3NjRhM2Y3YTZlMzM2ZmFhN2ZmY2E4ZWE6MTc3NzQwMTUxMA=="},{"type":"EVIDENCE","url":"https://app.any.run/tasks/58f6c7bd-daf7-4b02-ace3-a113a62f0c4f"}],"affected":[{"package":{"name":"fetch-data-api-syncapi","ecosystem":"PyPI","purl":"pkg:pypi/fetch-data-api-syncapi"},"versions":["0.1.0","0.1.1","0.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/fetch-data-api-syncapi/MAL-2026-3100.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}