+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (09b9e5c5deafbf756df5201976fdbdc3c61c10e815234df9aeb32764a3cd9652)\nDuring import, the package silently downloads and executes remote code. This code starts a web server in the separate process and listens for commands to execute from a C2 server, as well as periodically sends a beacon to C2 allowing discovery and finishing execution.\n\nThis package is closely related to Github repository https://github.com/xcummins/tg-outline-seller/ from the same author, where it's used as dependency effectively compromising its users.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-old-utf-cleaner\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote malicious script.\n\n\n - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.\n\n## Source: ossf-package-analysis (2f3468ce127ee2c3a221f8b2331c633be1c43772101c4baeca6ab4e47710b9ac)\nThe OpenSSF Package Analysis project identified 'utf-cleaner' @ 3.4.1 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
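Review bot: the kam193 source text states that the package downloads and executes remote code at import time and beacons to a C2 server, but the details string carries no indicator of that remote endpoint (URL, host or domain) for the download or the C2 beacon; consider adding those indicators to the details, or noting explicitly that they are withheld, so that defenders reading this record can block or hunt for them. Also, "Github" should be spelled "GitHub", and the related repository https://github.com/xcummins/tg-outline-seller/ is called out as compromising its users via this dependency, so it may warrant its own entry or an explicit cross-reference rather than a mention inside free text only.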