Supply-chain threat intelligence

Incident detail

criticalpypi·typosquatting·osv

Malicious code in fflask (PyPI)

fflask

Risk score

92

AI summary

Indexed incident for fflask (pypi).

Description

Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-reqesst

Reasons (based on the campaign):

  • infostealer

  • peristence-autorun

  • typosquatting

  • exfiltration-generic

  • Downloads and executes a remote executable.

  • clones-real-package

  • dependency-confusion

  • exfiltration-browser-data

  • exfiltration-crypto


Credit: OpenSSF (source)

Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-reqesst

Reasons (based on the campaign):

  • infostealer

  • peristence-autorun

  • typosquatting

  • exfiltration-generic

  • Downloads and executes a remote executable.

  • clones-real-package

  • dependency-confusion

  • exfiltration-browser-data

  • exfiltration-crypto

Technical details

Affected versions

=3.1.8.dev0=3.1.9.dev0=3.2.0.dev0

Indicators

  • Advisory IDs
    90%
  • affected version=3.1.8.dev075%
  • affected version=3.1.9.dev075%
  • affected version=3.2.0.dev075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents