mal-2026-870
Vulnerability from ossf_malicious_packages
Published
2026-02-12 12:10
Modified
2026-03-08 22:44
Summary
Malicious code in b10connoisseur (PyPI)
Details
-= Per source details. Do not edit below this line.=-
Source: kam193 (3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7)
During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-b10connoisseur
Reasons (based on the campaign):
-
exfiltration-generic
-
exfiltration-env-variables
-
The package overrides the install command in setup.py to execute malicious code during installation.
Source: ossf-package-analysis (c734377588989b8ed547518a07d2d0fd2e92265be0539f4432d06b994e9e6d17)
The OpenSSF Package Analysis project identified 'b10connoisseur' @ 0.12.0 (pypi) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
Credits
OpenSSF: Package Analysis
github.com/ossf/package-analysis
openssf.slack.com/channels/package_analysis
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "b10connoisseur"
},
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.24.0",
"0.25.0",
"0.26.0",
"0.27.0",
"0.28.0",
"0.29.0",
"0.30.0",
"0.31.0"
]
}
],
"credits": [
{
"contact": [
"https://github.com/kam193",
"https://bad-packages.kam193.eu/"
],
"name": "Kamil Ma\u0144kowski (kam193)",
"type": "ANALYST"
},
{
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
],
"name": "OpenSSF: Package Analysis",
"type": "FINDER"
}
],
"database_specific": {
"iocs": {
"ips": [
"54.242.228.151"
],
"urls": [
"http://54.242.228.151:8090/debug-21f53"
]
},
"malicious-packages-origins": [
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-02-12T12:50:22.574962417Z",
"modified_time": "2026-02-12T12:10:26.705293Z",
"sha256": "3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-06T21:11:29.442372452Z",
"modified_time": "2026-03-06T20:58:08.431364Z",
"sha256": "3369b11f9021c7525dff320384476ab4d3a36616841349d59cb21ba753f4f515",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-06T21:43:21.712290924Z",
"modified_time": "2026-03-06T21:26:02.917422Z",
"sha256": "54e2c9647c748554e39f34a8fd528013199afc3ce98a72df3ecff5d999003eae",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-06T22:10:18.314107365Z",
"modified_time": "2026-03-06T21:52:32.201601Z",
"sha256": "63b61417c187ba7526127de5da1e9382570f5d886dd6562eda2e93e24d0c5820",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-06T22:45:02.058252165Z",
"modified_time": "2026-03-06T22:28:22.488206Z",
"sha256": "0d6d00e0ece09621e555fe53fb5cc483f65e31866649fbe201fd4bf59edc690e",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-06T23:11:26.676473187Z",
"modified_time": "2026-03-06T23:01:53.57702Z",
"sha256": "1bb25b00f95ef2c6e722499a681240560850314f17f8881d51846f3c53957755",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.24.0",
"0.25.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-06T23:41:40.38084262Z",
"modified_time": "2026-03-06T23:18:04.549966Z",
"sha256": "77dd4939c36efc50d4f211e40b1df3e13e5775cc7c6362e778393aea232baead",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.24.0",
"0.25.0",
"0.26.0",
"0.27.0",
"0.28.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-08T00:34:36.425306Z",
"modified_time": "2026-03-08T00:04:04.253021Z",
"sha256": "c68420d96717961e267ab236270c5f6c5d01837d430054b00c9e4704d9f2de51",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.24.0",
"0.25.0",
"0.26.0",
"0.27.0",
"0.28.0",
"0.29.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-08T01:38:02.746283354Z",
"modified_time": "2026-03-08T00:22:19.258541Z",
"sha256": "178496344d1882e4e35e5b0041d82f48a492b27e21d5587f5ee24170d78a2706",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.24.0",
"0.25.0",
"0.26.0",
"0.27.0",
"0.28.0",
"0.29.0",
"0.30.0"
]
},
{
"id": "pypi/2026-02-b10connoisseur/b10connoisseur",
"import_time": "2026-03-08T03:05:15.735255176Z",
"modified_time": "2026-03-08T01:20:25.206376Z",
"sha256": "37e278994fea44b8b5112f9a008ba6134b6b386c6994b6ac32a25ba1e1ea0f53",
"source": "kam193",
"versions": [
"0.1.0",
"0.2.0",
"0.3.0",
"0.4.0",
"0.5.0",
"0.12.0",
"0.13.0",
"0.14.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.24.0",
"0.25.0",
"0.26.0",
"0.27.0",
"0.28.0",
"0.29.0",
"0.30.0",
"0.31.0"
]
},
{
"import_time": "2026-03-08T22:41:48.456837833Z",
"modified_time": "2026-03-06T20:42:54Z",
"sha256": "c734377588989b8ed547518a07d2d0fd2e92265be0539f4432d06b994e9e6d17",
"source": "ossf-package-analysis",
"versions": [
"0.12.0"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7)\nDuring installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-b10connoisseur\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-generic\n\n\n - exfiltration-env-variables\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (c734377588989b8ed547518a07d2d0fd2e92265be0539f4432d06b994e9e6d17)\nThe OpenSSF Package Analysis project identified \u0027b10connoisseur\u0027 @ 0.12.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
"id": "MAL-2026-870",
"modified": "2026-03-08T22:44:03Z",
"published": "2026-02-12T12:10:26Z",
"references": [
{
"type": "WEB",
"url": "https://bad-packages.kam193.eu/pypi/package/b10connoisseur"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in b10connoisseur (PyPI)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…