{"id":"MAL-2026-4749","summary":"Malicious code in fakehuop (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee)\nEvery advertised function in this package (ask_llm, pink, america, iran, momo, abc, bcd, code, sf, liti, koko, init, dropnull, hellp, lc) instantiates a Groq client using a hardcoded `gsk_...` API key owned by the package author and forwards the caller-supplied `prompt` argument to api.groq.com via `client.chat.completions.create`. Callers cannot supply their own key; the public API has no parameter or env-var override. As a result, any prompt content passed into these functions — which may contain proprietary data, customer input, or secrets — is routed through the author's Groq account, where the author can read it via their dashboard. 17 distinct hardcoded Groq keys are shipped across ai_helper.py, abc.py, america.py, bcd.py, code.py, dropnull.py, hellp.py, init.py, iran.py, koko.py, lc.py, liti.py, momo.py, pink.py, and sf.py. The package metadata reinforces the assessment: README references an unrelated `sample_package` with `add`/`greet` examples that don't exist in the source, the package and module names are nonsensical, and there is no documented legitimate purpose for the relay.\n","modified":"2026-05-26T06:03:10.397560274Z","published":"2026-05-21T22:22:13Z","database_specific":{"malicious-packages-origins":[{"sha256":"01b6d228f2f167f660bb588665de6df915cd05d025b201027962bfe1c493e808","modified_time":"2026-05-21T22:22:13Z","source":"amazon-inspector","import_time":"2026-05-26T05:51:49.670211105Z","id":"IN-MAL-2026-004042","versions":["3.1.0"]},{"sha256":"677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee","modified_time":"2026-05-21T22:52:06Z","source":"amazon-inspector","import_time":"2026-05-26T05:51:52.110091876Z","id":"IN-MAL-2026-004064","versions":["3.2.0"]},{"sha256":"c4e7b6565fad1e78a9aed6fcbf5e1992a05f51f0bbb46c0412f614b9777867f5","modified_time":"2026-05-21T22:52:01Z","source":"amazon-inspector","import_time":"2026-05-26T05:51:52.016139777Z","id":"IN-MAL-2026-004063","versions":["3.7.0"]},{"sha256":"d09b228809877b9a10237ba3c8becd1b069c803096a35b8ac363321dee102dce","modified_time":"2026-05-21T22:52:11Z","source":"amazon-inspector","import_time":"2026-05-26T05:51:52.208603028Z","id":"IN-MAL-2026-004065","versions":["3.5.0"]}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/fakehuop/3.1.0/"},{"type":"PACKAGE","url":"https://pypi.org/project/fakehuop/3.2.0/"},{"type":"PACKAGE","url":"https://pypi.org/project/fakehuop/3.7.0/"},{"type":"PACKAGE","url":"https://pypi.org/project/fakehuop/3.5.0/"}],"affected":[{"package":{"name":"fakehuop","ecosystem":"PyPI","purl":"pkg:pypi/fakehuop"},"versions":["3.1.0","3.2.0","3.7.0","3.5.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/fakehuop/MAL-2026-4749.json","cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"sha256":"03b960bee8e48c2b91670ea317a7ebfcdecda5db5acbe5a9d80f4dcb99351bd1","path":"src/fakehuop/ai_helper.py","tlsh":"3df09525cc64484e07a241aaa6119851707ff41372f070b9f22c54b85fd2e6751e57d7"},{"sha256":"b12af4b8bb03c7db6bef5e5f7b2e65dc4d1306fc70be7d4389730c4d5a584e76","path":"src/fakehuop/pink.py","tlsh":"08f00e24cc04481f07e0819ea121a892707df42332b07078f32c94b96fd2b7612fa2a6"}],"package_integrity":[{"filename":"fakehuop-3.1.0-py3-none-any.whl","hashes":{"md5":"46911bbf3325342f06a36ea2067df386","blake2b_256":"4185ed3458fa88b88da960569dbf938b0f3f444cec5bee8d1793995826170af7","sha256":"ac03e4d48d914f002e8c88b7f6d39c70c2f7ecf82cd5e9540a7a6bd209367b62"}},{"filename":"fakehuop-3.1.0.tar.gz","hashes":{"sha256":"f81bc6c662bbb134f22918d677a19315a3be66ebc5d8dbd299f31114624de441","blake2b_256":"4d26c82e69300d5a0def1ce2ad8540c4942bfbdae27df7830e2e7da84119e4b5","md5":"66d14a3bac216fb232332b74e49679e8"}}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}