{"id":"MAL-2026-5329","summary":"Malicious code in spaysdatarbx (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (31b0b97326861aabb747f26e130a5dbda5ac78100fafbb3a3327b1981119e3a6)\nThe package exfiltrates Roblox cookies from the victim machine.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-spaysrbdata\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n","modified":"2026-06-09T10:46:30.042555782Z","published":"2026-06-08T13:43:18Z","database_specific":{"malicious-packages-origins":[{"sha256":"31b0b97326861aabb747f26e130a5dbda5ac78100fafbb3a3327b1981119e3a6","import_time":"2026-06-08T15:12:45.407175189Z","versions":["0.1.3","0.1.5"],"id":"pypi/2026-06-spaysrbdata/spaysdatarbx","source":"kam193","modified_time":"2026-06-08T13:43:18.338578Z"},{"sha256":"ddffc9e3413a0002eb53a77c72679297563add6c776b89475e9e0bb83d516d49","versions":["0.1.3","0.1.5"],"import_time":"2026-06-09T10:41:59.933480846Z","id":"pypi/2026-06-spaysrbdata/spaysdatarbx","source":"kam193","modified_time":"2026-06-08T13:43:18.338578Z"}],"iocs":{"urls":["https://script.google.com/macros/s/AKfycbwa8sLEdsG_leFVecuc_dFrZ_h5JnZKrWxXWazK1T6DoKGAGG5OJ9rznwYXg2PS-h1d/exec","https://discord.com/api/webhooks/1513807955340820602/-UbLOjMGWIop17hrvQ7XsrZkJBJaNlMTueX7xnsJ9hz6DKaBgSe_Ur2FIgSJMHlusBwx"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/spaysdatarbx"}],"affected":[{"package":{"name":"spaysdatarbx","ecosystem":"PyPI","purl":"pkg:pypi/spaysdatarbx"},"versions":["0.1.3","0.1.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spaysdatarbx/MAL-2026-5329.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}