{"id":"MAL-2026-946","summary":"Malicious code in lala6992 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (03f1d0663411a521e65c618865d7a6e362db8597306c4c8c41d6226292ca7854)\nThe OpenSSF Package Analysis project identified 'lala6992' @ 1.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-02-19T22:58:22.814828Z","published":"2026-02-12T05:30:51Z","database_specific":{"malicious-packages-origins":[{"sha256":"03f1d0663411a521e65c618865d7a6e362db8597306c4c8c41d6226292ca7854","versions":["1.0.0"],"modified_time":"2026-02-12T06:36:01Z","import_time":"2026-02-19T22:45:33.860229496Z","source":"ossf-package-analysis"},{"sha256":"6c04fc56ba323977ba5d23e5ab33ec4deb902d114d06ba7e31ac164bc9a707c3","versions":["0.4.0"],"modified_time":"2026-02-12T05:30:51Z","import_time":"2026-02-19T22:45:33.756859702Z","source":"ossf-package-analysis"},{"sha256":"8a7c801763196cac5530e817224ab4f51f107e796751995266d4d9437af16e2e","versions":["1.2.0"],"modified_time":"2026-02-12T06:45:45Z","import_time":"2026-02-19T22:45:33.96061483Z","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"lala6992","ecosystem":"PyPI","purl":"pkg:pypi/lala6992"},"versions":["1.0.0","0.4.0","1.2.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/lala6992/MAL-2026-946.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}