{"id":"MAL-2026-622","summary":"Malicious code in genvia-utils (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (daedaaf2f945a1cc86a93f479d8284153533d387ddd7b00418991a7998a37e11)\nDuring installation, the package attempts to exfiltrate specific sensitive environment variables.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-genvia-utils\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - dependency-confusion\n","modified":"2026-02-01T19:48:51.663838Z","published":"2026-02-01T19:06:58Z","database_specific":{"malicious-packages-origins":[{"source":"kam193","modified_time":"2026-02-01T19:06:58.378839Z","versions":["6.0.2","99.99.99"],"sha256":"daedaaf2f945a1cc86a93f479d8284153533d387ddd7b00418991a7998a37e11","import_time":"2026-02-01T19:39:49.022041756Z","id":"pypi/2026-02-genvia-utils/genvia-utils"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/genvia-utils"}],"affected":[{"package":{"name":"genvia-utils","ecosystem":"PyPI","purl":"pkg:pypi/genvia-utils"},"versions":["6.0.2","99.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/genvia-utils/MAL-2026-622.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}