Vulnerability-Lookup

MAL-2026-4291

Vulnerability from ossf_malicious_packages

Published

2026-05-25 01:25

Modified

2026-05-26 05:55

Summary

Malicious code in pylogkt (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (aa1c9e5bf0ffd994f076a4a76395b5bcccd2716229439910912bd49aaf52f903)

The package masquerades as a logging utility but every call to its logging API (log.info/debug/etc) triggers Logger._log, which on macOS hosts (paths starting with /Users or /Library) silently spawns a detached subprocess running pylogkt/_check.py. That script self-deletes from disk (os.remove(file)), then enters an infinite 60-second polling loop against https://pypkg.dev/project/pylogkt/json with TLS verification disabled (ssl._create_unverified_context()). The first POST exfiltrates the absolute install path (base_dir.encode()), revealing the victim's username and site-packages layout. Subsequent responses are base64-decoded and passed to os.system via pip show <data>; the shell-escape filter allows ;, |, &, (, ), and >, making arbitrary command injection trivial. The C2 host pypkg.dev typosquats pypi.org and uses a /project//json path that mimics PyPI's real JSON API to camouflage the traffic. This is a full-fidelity backdoor: persistent C2, self-evidence-deletion, disabled TLS, and remote command execution on the installer's machine.

Source: kam193 (90888c84173734fb54c893b2634d4d96c6fca8a04e0cbde4ca8e39ec1878b1bc)

Package silently executes remote code during import.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-lognest

Reasons (based on the campaign):

Downloads and executes a remote malicious script.

CWE

CWE-506 - The product contains code that appears to be malicious in nature.

Credits

Amazon Inspector actran@amazon.com

Kamil Mańkowski (kam193) github.com/kam193 bad-packages.kam193.eu/

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "pylogkt/_check.py",
              "sha256": "51e8d7b1631d7e4a805956a0dccbbf3e04b3f2e3b8ea2a5b4de2e73723185b9e",
              "tlsh": "9e315366a91c00a9d383889bd820e5601737fc0f6a01ca74fadcd3a05fc957782f3a89"
            }
          ],
          "package_integrity": [
            {
              "filename": "pylogkt-0.1.2-py3-none-any.whl",
              "hashes": {
                "blake2b_256": "7aebfcac2f1d513c0875828fb72324b3a7b46909870c65f9fdcb194788343261",
                "md5": "5a38c151a4662f978da960003e5d9e92",
                "sha256": "b13fc08f7531ee52649f84d886885593060febbab2b3e7e5312175c64fbf8ec3"
              }
            },
            {
              "filename": "pylogkt-0.1.2.tar.gz",
              "hashes": {
                "blake2b_256": "a666696c6fde7dcdf29c8c41312408136eec8cf19e362c39a0b424d80c05b24d",
                "md5": "30df2fe937feb3b1ef1d4851e96d15b9",
                "sha256": "26f708bea0958cf20e27d86c14d0149db96f5863f8368bd30266c218e072b5b7"
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "pylogkt"
      },
      "versions": [
        "0.1.2"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "actran@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    },
    {
      "contact": [
        "https://github.com/kam193",
        "https://bad-packages.kam193.eu/"
      ],
      "name": "Kamil Ma\u0144kowski (kam193)",
      "type": "ANALYST"
    },
    {
      "contact": [
        "https://github.com/kam193",
        "https://bad-packages.kam193.eu/"
      ],
      "name": "Kamil Ma\u0144kowski (kam193)",
      "type": "REPORTER"
    }
  ],
  "database_specific": {
    "iocs": {
      "domains": [
        "pypkg.dev"
      ],
      "urls": [
        "https://pypkg.dev/project/logger/json"
      ]
    },
    "malicious-packages-origins": [
      {
        "id": "pypi/2026-05-lognest/pylogkt",
        "import_time": "2026-05-25T05:03:48.345118229Z",
        "modified_time": "2026-05-25T03:28:41.116176Z",
        "sha256": "90888c84173734fb54c893b2634d4d96c6fca8a04e0cbde4ca8e39ec1878b1bc",
        "source": "kam193",
        "versions": [
          "0.1.2"
        ]
      },
      {
        "id": "pypi/2026-05-lognest/pylogkt",
        "import_time": "2026-05-25T10:37:43.683100678Z",
        "modified_time": "2026-05-25T03:28:41.116176Z",
        "sha256": "a477e4b644651b855ab6d0568792cc1ce87910245e26752df47377ac9f4ebb86",
        "source": "kam193",
        "versions": [
          "0.1.2"
        ]
      },
      {
        "id": "IN-MAL-2026-004564",
        "import_time": "2026-05-26T05:52:51.015365646Z",
        "modified_time": "2026-05-25T01:25:10Z",
        "sha256": "aa1c9e5bf0ffd994f076a4a76395b5bcccd2716229439910912bd49aaf52f903",
        "source": "amazon-inspector",
        "versions": [
          "0.1.2"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (aa1c9e5bf0ffd994f076a4a76395b5bcccd2716229439910912bd49aaf52f903)\nThe package masquerades as a logging utility but every call to its logging API (log.info/debug/etc) triggers Logger._log, which on macOS hosts (paths starting with /Users or /Library) silently spawns a detached subprocess running pylogkt/_check.py. That script self-deletes from disk (os.remove(__file__)), then enters an infinite 60-second polling loop against https://pypkg.dev/project/pylogkt/json with TLS verification disabled (ssl._create_unverified_context()). The first POST exfiltrates the absolute install path (base_dir.encode()), revealing the victim\u0027s username and site-packages layout. Subsequent responses are base64-decoded and passed to os.system via `pip show \u003cdata\u003e`; the shell-escape filter allows `;`, `|`, `\u0026`, `(`, `)`, and `\u003e`, making arbitrary command injection trivial. The C2 host pypkg.dev typosquats pypi.org and uses a /project/\u003cpkg\u003e/json path that mimics PyPI\u0027s real JSON API to camouflage the traffic. This is a full-fidelity backdoor: persistent C2, self-evidence-deletion, disabled TLS, and remote command execution on the installer\u0027s machine.\n\n## Source: kam193 (90888c84173734fb54c893b2634d4d96c6fca8a04e0cbde4ca8e39ec1878b1bc)\nPackage silently executes remote code during import.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-05-lognest\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote malicious script.\n",
  "id": "MAL-2026-4291",
  "modified": "2026-05-26T05:55:05Z",
  "published": "2026-05-25T01:25:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://bad-packages.kam193.eu/pypi/package/pylogkt"
    },
    {
      "type": "PACKAGE",
      "url": "https://pypi.org/project/pylogkt/0.1.2/"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in pylogkt (PyPI)"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted