Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in cosmos-gradio (PyPI)

cosmos-gradio

Risk score

92

AI summary

Indexed incident for cosmos-gradio (pypi).

Description

cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-version resolution on installers that mix a private index with PyPI. setup.py (executed at sdist build/install) and cosmos_gradio/init.py (executed on import) run the same beacon that collects the installer's hostname, OS username, and current working directory and transmits them to the hardcoded domain oob.asyncrun.in via two channels: (1) a DNS lookup where the '|' pair is base32-encoded into a subdomain label under oob.asyncrun.in (out-of-band DNS exfiltration that works even when HTTP egress is blocked), and (2) an HTTP GET carrying the same fields as query-string parameters, with HTTPS attempted first and a plaintext-HTTP fallback. The package name collides with a plausible internal 'cosmos-gradio' package and the release is sdist-only specifically to force setup.py execution on pip install.

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Technical details

Affected versions

=9999.0.0=9999.0.1

Indicators

  • affected version=9999.0.075%
  • affected version=9999.0.175%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents