{"id":"MAL-2026-5841","summary":"Malicious code in twrap-toolkit (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259)\ntwrap_toolkit/__init__.py defines _get_payload() which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py and passes the response body to exec() inside the package's only public API surface (format_block() and align_columns()). Any caller of the documented API executes attacker-controlled Python with no TLS, no pinning, and no integrity check, granting full remote code execution to the operator of 194.5.152.9. The package name and the attacker-controlled URL path both impersonate the legitimate 'textwrap-toolkit' utility, indicating a typosquat designed to lure installations into the dropper. Installing this package and invoking its advertised functions yields arbitrary code execution as the calling user.\n\n## Source: kam193 (2308804ebaf25e3528cd82eb53bab024eb80d9944a8b60950ef348d7a5022a22)\nDuring import, package downloads and executes an obfuscated script. The code then adds a new authorized SSH key and reports back the IP of the current environment. After that, the code also attempts to exfiltrate cryptocurrency wallet data\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-textwrap-toolkit-stager\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - obfuscation\n\n\n - crypto-related\n\n\n - Downloads and executes a remote malicious script.\n\n\n - exfiltration-crypto\n","modified":"2026-06-16T23:16:57.251130080Z","published":"2026-06-15T21:52:02Z","database_specific":{"iocs":{"urls":["http://194.5.152.9:5555/report","http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py","http://194.5.152.9:5555/tao"],"ips":["194.5.152.9"]},"malicious-packages-origins":[{"versions":["1.0.0"],"source":"kam193","import_time":"2026-06-15T22:45:32.270065771Z","id":"pypi/2026-06-textwrap-toolkit-stager/twrap-toolkit","modified_time":"2026-06-15T21:52:02.459513Z","sha256":"2308804ebaf25e3528cd82eb53bab024eb80d9944a8b60950ef348d7a5022a22"},{"versions":["1.0.0"],"source":"amazon-inspector","import_time":"2026-06-16T23:03:43.646187578Z","id":"IN-MAL-2026-006847","modified_time":"2026-06-16T22:21:10Z","sha256":"174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/twrap-toolkit"},{"type":"PACKAGE","url":"https://pypi.org/project/twrap-toolkit/1.0.0/"}],"affected":[{"package":{"name":"twrap-toolkit","ecosystem":"PyPI","purl":"pkg:pypi/twrap-toolkit"},"versions":["1.0.0"],"database_specific":{"indicators":{"package_integrity":[{"hashes":{"sha256":"e1a17e5faedaa99add487bfcf5c65e62303e4ba3fadfabff6544c89ff47b5325","blake2b_256":"c5b5086c279b956b2b9df90b3dd01733799ee9efc366f3860fe1c534260e3fa5","md5":"f0916a206d2e872260c8db5f49703870"},"filename":"twrap_toolkit-1.0.0-py3-none-any.whl"},{"hashes":{"sha256":"6dc0eb6656451d088222625b7e774acc3a3ca8f40d84e1ccf8d14a0c0f2ef061","blake2b_256":"3a817e0d2dc8536a65a287349fddfad21040514658e8e34d5e2b294faeb7d5ed","md5":"f16ecc9158300f10956a415058ac02a6"},"filename":"twrap_toolkit-1.0.0.tar.gz"}],"evidence_files":[{"tlsh":"ed11dc0bcc219c97c59b507c7099ed21a25e7d0bba0aa434bf4c479c2f08630d07108c","sha256":"92f02ae53d0d0a13dc95bf9654db648fee97b766385190c9c621e676b2f8a68f","path":"twrap_toolkit/__init__.py"},{"tlsh":"82d097154c612288c880843b2c92a042363e232b3f6090c872cc03082b0e2ab8b2a185","sha256":"66183753bd9f37f01d6ccf45bdae561b69946ffe2aa3b8b503c91ae6edd96d8b","path":"setup.py"}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/twrap-toolkit/MAL-2026-5841.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}