{"id":"MAL-2026-763","summary":"Malicious code in web3-meme-tool (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed)\nDisguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-metadata-checker\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-generic\n\n\n - obfuscation\n","modified":"2026-02-05T16:12:03.832259Z","published":"2026-02-05T14:33:05Z","database_specific":{"iocs":{"urls":["https://8d7sabfsd2.youkyy.com/MyData.php","https://8d7sabfsd2.youkyy.com/1.php"],"domains":["8d7sabfsd2.youkyy.com","youkyy.com"]},"malicious-packages-origins":[{"modified_time":"2026-02-05T14:33:05.872257Z","sha256":"62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed","source":"kam193","versions":["0.1.2"],"import_time":"2026-02-05T15:18:43.58979803Z","id":"pypi/2026-02-metadata-checker/web3-meme-tool"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/web3-meme-tool"}],"affected":[{"package":{"name":"web3-meme-tool","ecosystem":"PyPI","purl":"pkg:pypi/web3-meme-tool"},"versions":["0.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/web3-meme-tool/MAL-2026-763.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}