{"id":"MAL-2026-4756","summary":"Malicious code in ml2000 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6)\nOn invoking the `ml2000` CLI with no arguments, `interactive_menu()` in `src/ml_labs/generator.py` writes a batch file and launches it via `subprocess.Popen([\"cmd.exe\", \"/c\", bat_path], creationflags=DETACHED_PROCESS | CREATE_NO_WINDOW)`. The batch script runs `taskkill /IM WindowsTerminal.exe /F`, `taskkill /IM cmd.exe /F`, `taskkill /IM powershell.exe /F`, then `pipx uninstall ml2000`, then deletes itself. The use of detached/no-window flags hides this from the user, and the README advertises only ML notebook code generation — the destructive behavior is undisclosed. This is install/use-time destruction of installer-side resources: open terminal sessions are force-killed (causing loss of unsaved work in any other shell the user has open) and the package removes itself behind the user's back. Project metadata is also placeholder (`Your Name \u003cyour.email@example.com\u003e`), corroborating that this is not a legitimate maintained release.\n","modified":"2026-05-26T06:03:12.064141535Z","published":"2026-05-22T13:29:09Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-004205","modified_time":"2026-05-22T13:29:09Z","versions":["0.1.4"],"sha256":"871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6","import_time":"2026-05-26T05:52:08.478172901Z","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/ml2000/0.1.4/"}],"affected":[{"package":{"name":"ml2000","ecosystem":"PyPI","purl":"pkg:pypi/ml2000"},"versions":["0.1.4"],"database_specific":{"indicators":{"evidence_files":[{"tlsh":"ee62fb22f9610d7887a7e868bcd8905026b260075e52247e73ecc6348f5947877b7eab","path":"src/ml_labs/generator.py","sha256":"15257290faad02afcc0326e4f8c333e6bed01c5a4af17e6d4de9730c8d309370"},{"tlsh":"99f0c91386a2ae645695005014084d60e971a8081ac8d84917ed814dae3cd9ac7fca29","path":"pyproject.toml","sha256":"120c59813790ebb5eea6391b810105f3d1e9c0cd3d685f184500f1794c89b68d"}],"package_integrity":[{"hashes":{"md5":"a385950f07b914cab8013254ee20e9b5","sha256":"d46d894f811444f1d0152351b50cfa4748f7884f42bbed6772898dfb19277c0f","blake2b_256":"cc31d932503a52a4b872a34b659946418bc94aa5fedab66d970010ecf7766422"},"filename":"ml2000-0.1.4-py3-none-any.whl"},{"hashes":{"md5":"80f0db9b97f8a9fb03012d8a4d1fd248","sha256":"ae80e68f40805fd1d2f827f1d384a46d1f57d375ff6932f933eb012605b0a614","blake2b_256":"cc871da1b5bbe405cac61a96028a13a0f84cef21892db20d76a2bc459c8d3af2"},"filename":"ml2000-0.1.4.tar.gz"}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ml2000/MAL-2026-4756.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}