{"id":"MAL-2026-763","summary":"Malicious code in web3-meme-tool (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed)\nDisguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-metadata-checker\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-generic\n\n\n - obfuscation\n","modified":"2026-02-05T16:12:03.832259Z","published":"2026-02-05T14:33:05Z","database_specific":{"malicious-packages-origins":[{"id":"pypi/2026-02-metadata-checker/web3-meme-tool","import_time":"2026-02-05T15:18:43.58979803Z","versions":["0.1.2"],"source":"kam193","modified_time":"2026-02-05T14:33:05.872257Z","sha256":"62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed"}],"iocs":{"domains":["8d7sabfsd2.youkyy.com","youkyy.com"],"urls":["https://8d7sabfsd2.youkyy.com/MyData.php","https://8d7sabfsd2.youkyy.com/1.php"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/web3-meme-tool"}],"affected":[{"package":{"name":"web3-meme-tool","ecosystem":"PyPI","purl":"pkg:pypi/web3-meme-tool"},"versions":["0.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/web3-meme-tool/MAL-2026-763.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}