{"id":"PYSEC-2024-1","summary":"gratient 0.5 contains credential harvesting code","details":"gratient is a user-facing library for generating color gradients of text.\nVersion 0.5 contained obfuscated, malicious code targeting\nWindows platforms, harvesting information and credentials from the\nuser's system and sending them to a remote server.\nTargeted services may include Mullvad VPN and Telegram.\n","modified":"2024-01-03T22:31:36Z","published":"2024-01-03T23:23:36.586611Z","references":[{"type":"EVIDENCE","url":"https://inspector.pypi.io/project/gratient/0.5/packages/c5/c5/353e45fa57fa5f1b2b42fa24a029cdfb018d7263850fb43b6d6352157734/gratient-0.5-py3-none-any.whl/gratient/__init__.py#line.4"},{"type":"WEB","url":"https://pypi.org/project/gratient/"}],"affected":[{"package":{"name":"gratient","ecosystem":"PyPI","purl":"pkg:pypi/gratient"},"versions":["0.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gratient/PYSEC-2024-1.yaml"}}],"schema_version":"1.7.3","credits":[{"name":"Mike Fiedler","type":"ANALYST"},{"name":"Mike Fiedler","type":"COORDINATOR"}]}