{"id":"MAL-2026-846","summary":"Malicious code in cryptowallethash (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592)\nThe package claims to calculate a hash value for usage in \"cryptocurrency\", but before returning the hash, it exfiltrates the plain value.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-old-cryptowallethash\n\n\nReasons (based on the campaign):\n\n\n - crypto-related\n\n\n - exfiltration-crypto\n","modified":"2026-02-10T23:31:48.977614Z","published":"2026-02-10T23:03:29Z","database_specific":{"malicious-packages-origins":[{"versions":["0.0.6","0.0.7","0.0.8"],"id":"pypi/2026-02-old-cryptowallethash/cryptowallethash","sha256":"4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592","import_time":"2026-02-10T23:18:03.133890053Z","source":"kam193","modified_time":"2026-02-10T23:05:44.297788Z"}],"iocs":{"urls":["http://18.197.200.123:3000/"]}},"references":[{"type":"WEB","url":"https://github.com/akioguru/cryptowallethash"},{"type":"WEB","url":"https://github.com/akioguru/cryptowallethash/blob/main/cryptowallethash/functions.py#L8"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/cryptowallethash"}],"affected":[{"package":{"name":"cryptowallethash","ecosystem":"PyPI","purl":"pkg:pypi/cryptowallethash"},"versions":["0.0.6","0.0.7","0.0.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cryptowallethash/MAL-2026-846.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}