{"id":"MAL-2026-5029","summary":"Malicious code in modulebuild3240234t (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (4d5962bd4c41d59c276f1fa132030098e557dee6bfe0b0a368a952f70d217287)\nThe package contains an infostealer targeting the Roblox ecosystem.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-05-modulebuild3240234t\n\n\nReasons (based on the campaign):\n\n\n - obfuscation\n\n\n - infostealer\n\n\n - exfiltration-credentials\n","modified":"2026-05-29T05:16:09.356670035Z","published":"2026-05-29T03:21:55Z","database_specific":{"iocs":{"urls":["https://discord.com/api/webhooks/1509322846877515958/1lhoM9D4U-eyvVefaufc9TxQbRYBeZiLSUEhnRhS2dGG4jaLXCFc5B4vjqyBGfAWtVjU"]},"malicious-packages-origins":[{"modified_time":"2026-05-29T03:21:55.733959Z","sha256":"4d5962bd4c41d59c276f1fa132030098e557dee6bfe0b0a368a952f70d217287","import_time":"2026-05-29T04:58:28.328793927Z","id":"pypi/2026-05-modulebuild3240234t/modulebuild3240234t","source":"kam193","versions":["1.0.0","1.0.1","2.0.0","3.0.0"]}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/modulebuild3240234t"}],"affected":[{"package":{"name":"modulebuild3240234t","ecosystem":"PyPI","purl":"pkg:pypi/modulebuild3240234t"},"versions":["1.0.0","1.0.1","2.0.0","3.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/modulebuild3240234t/MAL-2026-5029.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}