{"id":"MAL-2026-5839","summary":"Malicious code in cipherflow (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (281ede3c5b3181c2df22a4b32a01453a51ac389a1dfe8bde69d53821cbaf20d4)\ncipherflow advertises itself as a zero-dependency pure-Python AES/DES library, but cipherflow/_environ.py contains a multi-layer-obfuscated payload that is decoded and passed directly to exec(). The blob is base85-decoded, XOR'd against a 32-byte key, then zlib-decompressed before being executed: `exec(zlib.decompress(bytes(__[i]^_[i%len(_)] for i in range(len(__)))).decode())` with `__ = base64.b85decode(b'MJ*(r4W!?y...')`. This payload is exposed via cipherflow.setup_env() (declared in __all__), whose docstring translates to 'download and execute external environment'. The function is not mentioned anywhere in the README/PKG-INFO. The combination of triple-stacked encoding (base85 + XOR + zlib) terminating in exec(), placement inside a cover-named module (_environ.py / setup_env), and intentional omission from documentation are canonical signals of hidden malicious code execution. Any consumer who imports cipherflow and invokes setup_env() — or any downstream code that does so — runs whatever bytes the author chose to hide, with full process privileges.\n\n## Source: kam193 (c5572ca4917ed5ce72dfcb7d82abb3a085cdaed9f1992463800826bc18249f91)\nThe package contains obfuscated code to download executables from a typosquatted domain.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-cipherflow\n\n\nReasons (based on the campaign):\n\n\n - obfuscation\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-06-16T01:16:01.189358698Z","published":"2026-06-15T21:36:32Z","database_specific":{"malicious-packages-origins":[{"versions":["0.1.2"],"modified_time":"2026-06-15T21:36:34Z","id":"IN-MAL-2026-006721","import_time":"2026-06-15T22:45:30.331795109Z","sha256":"281ede3c5b3181c2df22a4b32a01453a51ac389a1dfe8bde69d53821cbaf20d4","source":"amazon-inspector"},{"versions":["0.1.3"],"modified_time":"2026-06-15T21:36:32Z","id":"IN-MAL-2026-006720","import_time":"2026-06-15T22:45:30.215056128Z","sha256":"31690b7dc2576fb3dfe0aae6a5e1893ccd766d080c44dd7fa5e38f4904f809aa","source":"amazon-inspector"},{"source":"kam193","modified_time":"2026-06-15T23:36:37.078624Z","id":"pypi/2026-06-cipherflow/cipherflow","versions":["0.1.0","0.1.1","0.1.2","0.1.3"],"import_time":"2026-06-16T01:10:50.00851767Z","sha256":"c5572ca4917ed5ce72dfcb7d82abb3a085cdaed9f1992463800826bc18249f91"}],"iocs":{"domains":["update.windowsuqdate.com","windowsuqdate.com"],"urls":["http://update.windowsuqdate.com/dfsvc.exe","http://update.windowsuqdate.com/dfsvc.exe.config","http://update.windowsuqdate.com/runtime.dat","http://update.windowsuqdate.com/WinlicenseSDK.dll"]}},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/cipherflow/0.1.2/"},{"type":"PACKAGE","url":"https://pypi.org/project/cipherflow/0.1.3/"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/cipherflow"}],"affected":[{"package":{"name":"cipherflow","ecosystem":"PyPI","purl":"pkg:pypi/cipherflow"},"versions":["0.1.2","0.1.3","0.1.0","0.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cipherflow/MAL-2026-5839.json","indicators":{"package_integrity":[{"hashes":{"sha256":"3df7f139925bffed925b5461307ce17c15f2ff6f098826f2ceb57ddf1adb0d78","md5":"2fff02f30e259ffdff03575d528de710","blake2b_256":"c2d1420b4981cc8f3ca1e678e2b6487267949c5bd7b8638a1111bd31fc60cbe3"},"filename":"cipherflow-0.1.3-py3-none-any.whl"},{"hashes":{"sha256":"df5b7b9dd86c122d2b6cec7a71a7e8f48a1ab63d9610b80cb512e1b8a00569ac","md5":"5b8e147f530f4a7e64f4f8e5f91132cf","blake2b_256":"23c341b2c16cf7051848162d05bbbdf17bc5038f44c89f1cfec85ade19db4294"},"filename":"cipherflow-0.1.3.tar.gz"}],"evidence_files":[{"sha256":"1c730342a64c97e32a697ab1ed78d59dadd837b866c1df575178f2f46897fdc2","path":"cipherflow/_environ.py","tlsh":"8211b5c087974defd1884a126f31eec643222c4eb0b8a3c1d9093f0e82760b11eeb440"}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"}]}