{"id":"MAL-2026-5722","summary":"Malicious code in textwrap-toolkit-stager (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4)\nOn `import textwrap_toolkit_stager`, the package's `__init__.py` unconditionally fetches Python source from `http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py` via `urllib.request.urlopen` and passes the response bytes directly to `exec(code_bytes, {\"__name__\": \"__main__\"})`. The fetch uses a bare IP over plaintext HTTP, with no version pinning, no hash verification, and errors silently swallowed. Any process that imports this package executes attacker-controlled Python code from 194.5.152.9 with the full privileges of the importing user. The package's advertised purpose ('lightweight utility for advanced text wrapping') has no implementation in the shipped code — the module's sole behavior is the remote stager. The package name itself self-describes the intent ('stager').\n\n## Source: kam193 (b5c75bdcf659eb0064e71470edd2140960c88803c906fcc5a4c9ec21b970e887)\nDuring import, package downloads and executes an obfuscated script. The code then adds a new authorized SSH key and reports back the IP of the current environment. After that, the code also attempts to exfiltrate cryptocurrency wallet data\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-textwrap-toolkit-stager\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - obfuscation\n\n\n - Downloads and executes a remote malicious script.\n\n\n - crypto-related\n\n\n - exfiltration-crypto\n","modified":"2026-06-12T22:45:58.255024331Z","published":"2026-06-12T21:02:20Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-12T21:02:21Z","versions":["1.0.0"],"sha256":"4437efa58f3f2d623e1f838fae81387714723d9a9f001a22761add0dab13cdce","import_time":"2026-06-12T21:38:19.257612007Z","id":"IN-MAL-2026-006244","source":"amazon-inspector"},{"sha256":"14493be47d247105b710bad8f013da1d30199190d7f65b765f587b6c82002e75","versions":["1.0.0"],"modified_time":"2026-06-12T21:04:44.413711Z","import_time":"2026-06-12T21:38:21.769092262Z","id":"pypi/2026-06-textwrap-toolkit-stager/textwrap-toolkit-stager","source":"kam193"},{"modified_time":"2026-06-12T21:02:20Z","versions":["1.0.0"],"sha256":"9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4","import_time":"2026-06-12T21:38:19.152888864Z","id":"IN-MAL-2026-006243","source":"amazon-inspector"},{"sha256":"b5c75bdcf659eb0064e71470edd2140960c88803c906fcc5a4c9ec21b970e887","versions":["1.0.0"],"modified_time":"2026-06-12T21:04:44.413711Z","import_time":"2026-06-12T22:36:31.761090524Z","id":"pypi/2026-06-textwrap-toolkit-stager/textwrap-toolkit-stager","source":"kam193"}],"iocs":{"urls":["http://194.5.152.9:5555/report","http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py"],"ips":["194.5.152.9"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/textwrap-toolkit-stager"},{"type":"PACKAGE","url":"https://pypi.org/project/textwrap-toolkit-stager/1.0.0/"}],"affected":[{"package":{"name":"textwrap-toolkit-stager","ecosystem":"PyPI","purl":"pkg:pypi/textwrap-toolkit-stager"},"versions":["1.0.0"],"database_specific":{"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"indicators":{"package_integrity":[{"filename":"textwrap_toolkit_stager-1.0.0-py3-none-any.whl","hashes":{"md5":"a49be0a2da95fdca72beab0cc43b201b","sha256":"855223031b298c40bae7def9ed5bc20cc4425ba7599c15425629845dfb578ef8","blake2b_256":"9c9304c208527fcf24d0219b142d81c720c4f8e2ae6f5ca88ee9faa5fba92dee"}},{"filename":"textwrap_toolkit_stager-1.0.0.tar.gz","hashes":{"md5":"82109d697f7f1bc6192070aada8964d0","sha256":"0e78a23feb3e7b01e4a0cc6ba2ad7b5350740cc5c9487d906396a614d2b16b37","blake2b_256":"393312237523e92f697b7e2fb28ba6668b193e7e38df33c83b822c840a8b778c"}}],"evidence_files":[{"sha256":"0163c7181d983fb82872ed6df0aef6fd8b845daf246928b6bcf0a349bc9c91ec","tlsh":"9ee0262b4c247cf3858750a86214e6e2b22ba80bb113e838fadd33d82f4983cc450486","path":"textwrap_toolkit_stager/__init__.py"}],"domains":["api.ipify.org"]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/textwrap-toolkit-stager/MAL-2026-5722.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}