{"id":"MAL-2026-4754","summary":"Malicious code in heims (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57)\nThe package's WechatUtil.get_token() in src/heims/utils/wechat/wechat_util.py hardcodes a POST to https://token.zhangjianpeng.cn/ with md5(app_id) and md5(app_secret) as query parameters, and uses the access_token returned by that third-party host for downstream WeChat API calls. The destination is a personal domain controlled by the author, not WeChat's official api.weixin.qq.com endpoint, and this third-party broker is not disclosed in the README. Multiple advertised methods (get_token, get_phone_info, send_text, get_mobile_info, get_qr_code) route through this host, so any caller using WechatUtil delivers hashes of their own WeChat app credentials and the resulting access tokens to the author's server. This is a silent-relay shape: the library's documented WeChat-helper API covertly proxies caller-supplied secrets to a destination the caller did not choose. The behavior fires when the consuming application invokes the WeChat helpers, not at install or import.\n","modified":"2026-05-27T00:32:10.028064555Z","published":"2026-05-25T05:27:16Z","withdrawn":"2026-05-26T22:13:04Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-05-26T05:52:53.21472531Z","sha256":"33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57","source":"amazon-inspector","modified_time":"2026-05-25T05:27:16Z","id":"IN-MAL-2026-004584","versions":["1.1.16"]}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/heims/1.1.16/"}],"affected":[{"package":{"name":"heims","ecosystem":"PyPI","purl":"pkg:pypi/heims"},"versions":["1.1.16"],"database_specific":{"indicators":{"evidence_files":[{"sha256":"02aef4ce9ae8ee5e74b1196c077f0e4e890f17950b26671e04afa6729d7d2cc7","tlsh":"0f42c917ea136d46d35a48ad21ab870676387c13808c6038bdbd51cc1f8d92ba077feb","path":"src/heims/utils/wechat/wechat_util.py"}],"package_integrity":[{"filename":"heims-1.1.16-py3-none-any.whl","hashes":{"blake2b_256":"0feb268d8077d510a4feba8c518f9ca078df312732485fed1fef2f85b489a29d","sha256":"fb5179563d49c8bdee5f2aa87810e1c5c13606c3320931f9db3ccb3dfbd06e9b","md5":"dd5f26fa99eafc47db35aeee546a5fbf"}},{"filename":"heims-1.1.16.tar.gz","hashes":{"sha256":"89556c2df773eafa1dd5c3440ac3deee64ef505b8087b0b7c364f7450feb3882","blake2b_256":"33882c03b3e8cda29ba6993c62831e45aa10fddc24b5ef453df8532a5cd3f8c2","md5":"c0bfda4d25643c18295d90648ba3009e"}}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/heims/MAL-2026-4754.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}