mal-2026-6081
Vulnerability from ossf_malicious_packages
Published
2026-06-17 21:34
Modified
2026-06-18 20:21
Summary
Malicious code in disksweep (PyPI)
Details

Source: amazon-inspector (5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e)

On every import disksweep, the package's top-level src/disksweep/__init__.py (lines 18-24) calls ctypes.CDLL on a 2.9 MB Windows binary (_parser.pyd) shipped inside the wheel. Loading a Windows PE via ctypes.CDLL invokes the DLL's DllMain(DLL_PROCESS_ATTACH) entry point, executing whatever native code the binary contains in the importing process. No Python code in the package ever calls into the DLL — it is loaded purely for its load-time side effects, and any exception is silently swallowed (except: pass). The README explicitly advertises 'Zero dependencies. Nothing to audit.' and the pure-Python scan.py already implements the full scanner functionality, so the binary's presence is unjustified by the advertised feature set. pyproject.toml (lines 87, 90) additionally force-includes a byte-identical copy of the binary under a second name (__parser.pyd, sha256 b1aace6c…f83c3, 2,905,600 bytes) that has no Python reference — a redundancy pattern consistent with AV-evasion / fallback-loading rather than a legitimate native acceleration library. Any Windows host that runs pip install disksweep followed by import disksweep, or invokes the disksweep/sweep CLI (which imports the package), will execute the opaque native code.

Source: kam193 (3bc79bc0cdfcad5c0e383a83f621365a84be1090e44364974ee8ec2bf1a12942)

During import, the package loads an embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the encrypted payload into it for further execution (T1055.012). The code uses heavy analysis-evasion techniques. The decrypted payload revealed capabilities to steal all kinds of credentials (browser data, AI tools, env variables, SSH keys, ...), inject code to redirect cryptocurrency transactions, spy-like activities (screenshots, keylogger) and worm-like activities using discovered GitHub tokens to publish malicious code into CI. It establishes persistence in %LOCALAPPDATA%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe and also attempts to perform lateral movement in Kubernetes and AWS environments.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-syncagents

Reasons (based on the campaign):

  • native-extension
  • infostealer
  • worm
  • exfiltration-crypto
  • exfiltration-credentials
  • uses-telegram-bot
  • keylogger
  • clipboard-stealing
  • exfiltration-ssh-keys
  • The package contains code to detect if it is running in a sandbox environment.
  • obfuscation
  • exfiltration-browser-data
  • exfiltration-env-variables
  • persistence

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "src/disksweep/__init__.py",
              "sha256": "48908f78831e512520fdb1773c1ba73d6509ed28c8137e14394263ed2e89a058",
              "tlsh": "aef0a31148740922d09ec3ce5474ccf00b3124e35d25587c7b991538af9dbcdb7d566d"
            },
            {
              "path": "pyproject.toml",
              "sha256": "248dbd1707c3cc66b41e64dd92de313d79d80560a93636f6b27e6ae1d884cff4",
              "tlsh": "ae51fe7bc8d40d7c5660b05a64388804f865478f6394645b31b8418d0f7e6aec2ff4b5"
            }
          ],
          "package_integrity": [
            {
              "filename": "disksweep-1.0.0-py3-none-any.whl",
              "hashes": {
                "blake2b_256": "18e10b284c14ad17d9f14a6e142eab103f1be71a5e057d9ed638c29735ecb8c6",
                "md5": "4fc293cac03993d408756e4eb792df2a",
                "sha256": "8b9e396e2c4e48e5d73300595ebb621c1bd667549ce21d46e90c4715bb694a42"
              }
            },
            {
              "filename": "disksweep-1.0.0.tar.gz",
              "hashes": {
                "blake2b_256": "ca1a7bb5c1fb1ccf4dcea0e00456c36f7339e236ed229628d717de36a6553e90",
                "md5": "13c895e6fa82efee10a19394b4fb47f6",
                "sha256": "520ea669f80215e41142709cc62ff8cc184810f7ca1bda646fff89fc42262ffa"
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "disksweep"
      },
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "inspector-research@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    },
    {
      "contact": [
        "https://github.com/kam193",
        "https://bad-packages.kam193.eu/"
      ],
      "name": "Kamil Ma\u0144kowski (kam193)",
      "type": "REPORTER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "pypi/2026-06-syncagents/disksweep",
        "import_time": "2026-06-17T21:42:20.128411569Z",
        "modified_time": "2026-06-17T21:34:55.578581Z",
        "sha256": "3bc79bc0cdfcad5c0e383a83f621365a84be1090e44364974ee8ec2bf1a12942",
        "source": "kam193",
        "versions": [
          "1.0.0"
        ]
      },
      {
        "id": "IN-MAL-2026-007035",
        "import_time": "2026-06-18T20:19:42.506017374Z",
        "modified_time": "2026-06-18T19:37:04Z",
        "sha256": "5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e",
        "source": "amazon-inspector",
        "versions": [
          "1.0.0"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e)\nOn every `import disksweep`, the package\u0027s top-level `src/disksweep/__init__.py` (lines 18-24) calls `ctypes.CDLL` on a 2.9 MB Windows binary (`_parser.pyd`) shipped inside the wheel. Loading a Windows PE via `ctypes.CDLL` invokes the DLL\u0027s `DllMain(DLL_PROCESS_ATTACH)` entry point, executing whatever native code the binary contains in the importing process. No Python code in the package ever calls into the DLL \u2014 it is loaded purely for its load-time side effects, and any exception is silently swallowed (`except: pass`). The README explicitly advertises \u0027Zero dependencies. Nothing to audit.\u0027 and the pure-Python `scan.py` already implements the full scanner functionality, so the binary\u0027s presence is unjustified by the advertised feature set. `pyproject.toml` (lines 87, 90) additionally force-includes a byte-identical copy of the binary under a second name (`__parser.pyd`, sha256 b1aace6c\u2026f83c3, 2,905,600 bytes) that has no Python reference \u2014 a redundancy pattern consistent with AV-evasion / fallback-loading rather than a legitimate native acceleration library. Any Windows host that runs `pip install disksweep` followed by `import disksweep`, or invokes the `disksweep`/`sweep` CLI (which imports the package), will execute the opaque native code.\n\n## Source: kam193 (3bc79bc0cdfcad5c0e383a83f621365a84be1090e44364974ee8ec2bf1a12942)\nDuring import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the encrypted payload in it for further execution (T1055.012). The code uses heavy analysis evasion techniques. Decrypted payload revealed capabilities to steal all kind of credentials (browsers data, AI tools, env variables, SSH keys, ...), inject code to redirect cryptocurrency transactions, spy-like activities (screenshots, keylogger) and worm-like activities using discovered GitHub tokens to publish malicious code into CI. It establishes persistence in `%LOCALAPPDATA%\\Microsoft\\EdgeUpdate\\MicrosoftEdgeUpdate.exe` and also attempts to perform lateral movement in Kubernetes and AWS environments.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-syncagents\n\n\nReasons (based on the campaign):\n\n\n - native-extension\n\n\n - infostealer\n\n\n - worm\n\n\n - exfiltration-crypto\n\n\n - exfiltration-credentials\n\n\n - uses-telegram-bot\n\n\n - keylogger\n\n\n - clipboard-stealing\n\n\n - exfiltration-ssh-keys\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n\n\n - obfuscation\n\n\n - exfiltration-browser-data\n\n\n - exfiltration-env-variables\n\n\n - persistence\n",
  "id": "MAL-2026-6081",
  "modified": "2026-06-18T20:21:32Z",
  "published": "2026-06-17T21:34:55Z",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://www.virustotal.com/gui/file/b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3/detection"
    },
    {
      "type": "EVIDENCE",
      "url": "https://www.virustotal.com/gui/file/7b58136e8884b65ca9a62dc9b2698dc0904b06dbb772d96ad3c3d31934dc6865/detection"
    },
    {
      "type": "EVIDENCE",
      "url": "https://hybrid-analysis.com/sample/b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3"
    },
    {
      "type": "WEB",
      "url": "https://bad-packages.kam193.eu/pypi/package/disksweep"
    },
    {
      "type": "PACKAGE",
      "url": "https://pypi.org/project/disksweep/1.0.0/"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in disksweep (PyPI)"
}