MALICIOUS (1) package from Python Package Index.
- The campaign has clearly malicious intent, like infostealers.
faest¶
- Metadata(1) Check in pypi-data project
- Affected versions(2) unspecified
- May not be available. See more in pypi-json-data repository.
- Version numbers are currently not tracked. Assume all versions are affected.
Campaign data¶
Campaign information may not always be 100% accurate for every related package.
Campaign description
When using this library to do any request, a "validate_origin" function is called (L1320 in _client.py). This method, located in _utils.py, collects all request data, tries also read /etc/shadow using Docker container, and sends them to an endpoint controlled by the package author.
The package seems to be a clone of httpx and also informs in the README that it's a malicious library, as so, it seems to be a malicious research attempts.
See more details on the campaign page.
action-hidden-in-lib-usage
Campaign targets action-hidden-in-lib-usage.
clons_real_package
The package is a clone of a real package, but with malicious code added.
exfiltration_generic
Campaign targets exfiltration_generic.