{"id":"MAL-2026-3214","summary":"Malicious code in renderkitcore (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0)\nPackage is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-renderctx\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - files-exfiltration\n\n\n - crypto-related\n\n\n - The malicious code is intentionally included in a dependency of the package\n","modified":"2026-05-01T15:03:05.133487Z","published":"2026-05-01T14:25:42Z","database_specific":{"malicious-packages-origins":[{"source":"kam193","import_time":"2026-05-01T14:52:46.378949088Z","sha256":"a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0","modified_time":"2026-05-01T14:25:42.894509Z","id":"pypi/2026-04-renderctx/renderkitcore","versions":["0.1.0"]}],"iocs":{"domains":["renderkit1.vercel.app","ctx-graphics.vercel.app"],"urls":["https://renderkit1.vercel.app","https://ctx-graphics.vercel.app"]}},"references":[{"type":"WEB","url":"https://github.com/0xsebasneuron"},{"type":"WEB","url":"https://socket.dev/supply-chain-attacks/north-korea-s-contagious-interview-campaign"},{"type":"WEB","url":"https://github.com/0xsebasneuron/polymarket-arbitrage-copy-trading-bot-V2/commit/4dae9aea3c35a627a7f38a28946f73af18930a3e#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/renderkitcore"}],"affected":[{"package":{"name":"renderkitcore","ecosystem":"PyPI","purl":"pkg:pypi/renderkitcore"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/renderkitcore/MAL-2026-3214.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}