{"id":"MAL-2026-5795","summary":"Malicious code in gptminifast (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (367066b272bcc8da7b253c53e1771b5aad257edef1e77ee29fc9a8c9ba73bf63)\nDuring installation, the code attempts to download and start a malicious executable.\n\nLikely related to 2025-08-raknet-testing-package.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-easyaillm\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - obfuscation\n\n\n - malware\n\n\n - tool:mshta\n","modified":"2026-06-17T10:01:00.821026462Z","published":"2026-06-15T15:59:57Z","database_specific":{"iocs":{"domains":["fixars.top"],"urls":["https://pastebin.com/raw/hEF5HaFc","https://pastebin.com/raw/yBcUM1QBs","https://pastebin.com/raw/yBcUM1QB","http://fixars.top"]},"malicious-packages-origins":[{"import_time":"2026-06-15T17:22:55.262093724Z","sha256":"357aff83086340ea5d3c504105e1cc7cec31fbea24e321ba5e87c2eb02c8389c","modified_time":"2026-06-15T16:03:35.183697Z","id":"pypi/2026-06-easyaillm/gptminifast","source":"kam193","versions":["2.21"]},{"import_time":"2026-06-15T22:45:32.260571716Z","modified_time":"2026-06-15T16:03:35.183697Z","sha256":"5e1e2f518c3c7dcb697718ac23d4cd44eae1dd42abd89d83a091bfcdc1dc8fdc","id":"pypi/2026-06-easyaillm/gptminifast","source":"kam193","versions":["2.21"]},{"import_time":"2026-06-16T10:17:17.174486312Z","sha256":"7bb1f6b19a1cc48953de1e042d29a22b92d19dce20c68c5c0d310d77e08b7842","modified_time":"2026-06-15T16:03:35.183697Z","id":"pypi/2026-06-easyaillm/gptminifast","source":"kam193","versions":["2.21"]},{"import_time":"2026-06-17T09:49:36.170704229Z","sha256":"367066b272bcc8da7b253c53e1771b5aad257edef1e77ee29fc9a8c9ba73bf63","modified_time":"2026-06-15T16:03:35.183697Z","versions":["2.21"],"source":"kam193","id":"pypi/2026-06-easyaillm/gptminifast"}]},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/1a5beab4a6facb46b4afc5f8526e1327e6c7d740ccaf34c6a921ac18eff29427/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/4c99c8edfc4444f46932f14afccb2952a3850df765765f9ac793d69f318c192f/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/0649f50ead3695f41c1243883200bdb775410bcd8c8fb88277740a625a154e25"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/gptminifast"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/926e8f1a7f349ff1eef31f89fa8ffe265c30b92e310e8bea19962d38f8c32129"}],"affected":[{"package":{"name":"gptminifast","ecosystem":"PyPI","purl":"pkg:pypi/gptminifast"},"versions":["2.21"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/gptminifast/MAL-2026-5795.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}