mal-2026-6082
Vulnerability from ossf_malicious_packages
Published: 2026-06-17 21:35
Modified: 2026-06-18 20:21
Summary: Malicious code in dotenv-sync (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1)

On Windows, src/envsync/__init__.py (lines 39-44) unconditionally calls ctypes.CDLL on a bundled ~2.9MB PE file _parser.pyd at top-level import, wrapped in try: ... except: pass. Loading a PE via ctypes.CDLL invokes LoadLibraryA, which executes the DLL's DllMain entry point: arbitrary native code runs on every import dotenv_sync / import envsync with the installer's user privileges, silently. No symbol from the .pyd is ever called from Python; the sole effect of the CDLL call is to execute the binary. The package's README advertises 'zero dependencies', 'Pure Python parser', and 'nothing to audit', and a ~60-line pure-Python parser already exists in parse.py, so the native load is undisclosed and unnecessary for the advertised functionality. pyproject.toml line 78 force-includes two byte-identical copies of the PE (_parser.pyd and __parser.pyd, sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3) into both the wheel and sdist; the binaries' strings show only register-save prologues with no readable text, imports, or URLs, consistent with a packed payload. There is no Extension(), no setuptools/maturin/cmake build configuration, and no source for the binary. The dotenv-sync name and dotenv-sync/envsync CLI entries impersonate the python-dotenv / dotenv-linter / npm envsync ecosystem; the author is generic ('envsync contributors') and all project URLs point only at the package's own PyPI page, with no inspectable upstream.
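A defender-side static triage check for the pattern described above, added here as an example and not code from the advisory or from the package: it uses Python's ast module to flag ctypes loader calls that execute at module import time (and whether a bare try/except: pass hides their failure), and groups bundled native binaries by sha256 so byte-identical copies like the two reported .pyd files stand out. The sample module text and file set are constructed for the example.

```python
# Added example (not the advisory's or the package's code): flag ctypes loader
# calls that run at import time and spot byte-identical bundled native binaries.
import ast
import hashlib
from pathlib import PurePosixPath

LOADERS = {"CDLL", "WinDLL", "PyDLL", "OleDLL"}
NATIVE_SUFFIXES = {".pyd", ".dll", ".so", ".dylib"}

def _loader_name(call):
    f = call.func
    name = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)
    return name if name in LOADERS else None

def find_toplevel_native_loads(source):
    """Return [(lineno, loader, silenced)] for loads executed at import."""
    hits = []
    def visit(stmts, silenced):
        for st in stmts:
            if isinstance(st, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
                continue  # bodies only run when called, not at import
            if isinstance(st, ast.Try):
                swallows = any(h.type is None and all(isinstance(b, ast.Pass) for b in h.body) for h in st.handlers)
                visit(st.body, silenced or swallows)
                visit(st.orelse + st.finalbody, silenced)
                continue
            for node in ast.walk(st):  # conservative: also walks if/with bodies
                if isinstance(node, ast.Call) and _loader_name(node):
                    hits.append((node.lineno, _loader_name(node), silenced))
    visit(ast.parse(source).body, False)
    return hits

def group_native_binaries(files):
    groups = {}  # files: {path: bytes} -> {sha256: [paths]} over native binaries
    for path, data in files.items():
        if PurePosixPath(path).suffix.lower() in NATIVE_SUFFIXES:
            groups.setdefault(hashlib.sha256(data).hexdigest(), []).append(path)
    return groups

SAMPLE_INIT = '''import os, ctypes  # constructed sample, not the package's real source
def load_dotenv(path=".env"):
    return dict(l.split("=", 1) for l in open(path) if "=" in l)
try:
    _lib = ctypes.CDLL(os.path.join(os.path.dirname(__file__), "_parser.pyd"))
except:
    pass
'''
SAMPLE_FILES = {  # constructed: two identical blobs plus a pure-Python file
    "envsync/_parser.pyd": b"MZ" + b"\0" * 62, "envsync/__parser.pyd": b"MZ" + b"\0" * 62,
    "envsync/parse.py": b"def parse_env(s): ..."}
```

Run against an unpacked wheel, a non-empty result from the first function plus a multi-path group from the second is exactly the combination the advisory reports.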

Source: kam193 (8fa0ec08d0cd452a37bf602615f61dfbbdab27d55180f1e09f53a218b18673f5)

During import, the package loads an embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the encrypted payload into it for further execution (T1055.012). The code uses heavy analysis-evasion techniques. The decrypted payload revealed capabilities to steal all kinds of credentials (browser data, AI tools, env variables, SSH keys, ...), inject code to redirect cryptocurrency transactions, spy-like activities (screenshots, keylogger) and worm-like activities using discovered GitHub tokens to publish malicious code into CI. It establishes persistence in %LOCALAPPDATA%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe and also attempts to perform lateral movement in Kubernetes and AWS environments.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-syncagents

Reasons (based on the campaign):

  • native-extension
  • infostealer
  • worm
  • exfiltration-crypto
  • exfiltration-credentials
  • uses-telegram-bot
  • keylogger
  • clipboard-stealing
  • exfiltration-ssh-keys
  • The package contains code to detect if it is running in a sandbox environment.
  • obfuscation
  • exfiltration-browser-data
  • exfiltration-env-variables
  • persistence

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "src/envsync/__init__.py",
              "sha256": "8e221d242133f7e260d8479d89c69e2ddf8623d81fdba7c803a3ddf17555658a",
              "tlsh": "a901bd01c0208a42688c8299aca4d8aa0e9126b30d2938193fcc210c6f7df4fb6f6b08"
            },
            {
              "path": "pyproject.toml",
              "sha256": "b5f81c9d0dc803090a6f1f54d9733f1d1a5ffd179d2a748014f60131f352375b",
              "tlsh": "db5111e3c5c81d226a80b459a0a828089972d6831fc078dd37a942cd4f0ee6fc0ff5ad"
            }
          ],
          "package_integrity": [
            {
              "filename": "dotenv_sync-1.0.0-py3-none-any.whl",
              "hashes": {
                "blake2b_256": "859aa21e61e385545b4a6191b31bddc4622d130fb2b7ecb5fd7d07d944cb3b0c",
                "md5": "bd148b604fef8da959bbd8886c7fa3eb",
                "sha256": "aa82de8f8f4cc3a926eba2f7f18bec85583712d9b3d46f2c0b6e858d85fb4b89"
              }
            },
            {
              "filename": "dotenv_sync-1.0.0.tar.gz",
              "hashes": {
                "blake2b_256": "f8df19bbdb7a8c3058ed1893c1f8f04a523c53f00dee2f8bfaff7d4e80829cef",
                "md5": "ff0d5ac3a82d270a5f9feaba57f9c566",
                "sha256": "7b8ad4c0591c3550d80cd44443fe706aaa239e7d9aa625a49f7a4b5bfeac575e"
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "dotenv-sync"
      },
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "inspector-research@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    },
    {
      "contact": [
        "https://github.com/kam193",
        "https://bad-packages.kam193.eu/"
      ],
      "name": "Kamil Ma\u0144kowski (kam193)",
      "type": "REPORTER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "pypi/2026-06-syncagents/dotenv-sync",
        "import_time": "2026-06-17T21:42:20.129541411Z",
        "modified_time": "2026-06-17T21:35:47.438796Z",
        "sha256": "8fa0ec08d0cd452a37bf602615f61dfbbdab27d55180f1e09f53a218b18673f5",
        "source": "kam193",
        "versions": [
          "1.0.0"
        ]
      },
      {
        "id": "IN-MAL-2026-007032",
        "import_time": "2026-06-18T20:19:41.950883102Z",
        "modified_time": "2026-06-18T19:36:23Z",
        "sha256": "c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1",
        "source": "amazon-inspector",
        "versions": [
          "1.0.0"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1)\nOn Windows, `src/envsync/__init__.py` (lines 39-44) unconditionally calls `ctypes.CDLL` on a bundled ~2.9MB PE file `_parser.pyd` at top-level import, wrapped in `try:... except: pass`. Loading a PE via `ctypes.CDLL` invokes `LoadLibraryA`, which executes the DLL\u0027s `DllMain` entry point \u2014 arbitrary native code runs on every `import dotenv_sync` / `import envsync` with the installer\u0027s user privileges, silently. No symbol from the.pyd is ever called from Python; the sole effect of the CDLL call is to execute the binary. The package\u0027s README advertises \u0027zero dependencies\u0027, \u0027Pure Python parser\u0027, and \u0027nothing to audit\u0027, and a ~60-line pure-Python parser already exists in `parse.py` \u2014 so the native load is undisclosed and unnecessary for the advertised functionality. `pyproject.toml` line 78 force-includes two byte-identical copies of the PE (`_parser.pyd` and `__parser.pyd`, sha256 `b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3`) into both the wheel and sdist; the binaries\u0027 strings show only register-save prologues with no readable text, imports, or URLs \u2014 consistent with a packed payload. There is no `Extension()`, no setuptools/maturin/cmake build configuration, and no source for the binary. The `dotenv-sync` name and `dotenv-sync`/`envsync` CLI entries impersonate the python-dotenv / dotenv-linter / npm envsync ecosystem; author is generic (\u0027envsync contributors\u0027) and all project URLs point only at the package\u0027s own PyPI page, with no inspectable upstream.\n\n## Source: kam193 (8fa0ec08d0cd452a37bf602615f61dfbbdab27d55180f1e09f53a218b18673f5)\nDuring import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the encrypted payload in it for further execution (T1055.012). The code uses heavy analysis evasion techniques. Decrypted payload revealed capabilities to steal all kind of credentials (browsers data, AI tools, env variables, SSH keys, ...), inject code to redirect cryptocurrency transactions, spy-like activities (screenshots, keylogger) and worm-like activities using discovered GitHub tokens to publish malicious code into CI. It establishes persistence in `%LOCALAPPDATA%\\Microsoft\\EdgeUpdate\\MicrosoftEdgeUpdate.exe` and also attempts to perform lateral movement in Kubernetes and AWS environments.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-syncagents\n\n\nReasons (based on the campaign):\n\n\n - native-extension\n\n\n - infostealer\n\n\n - worm\n\n\n - exfiltration-crypto\n\n\n - exfiltration-credentials\n\n\n - uses-telegram-bot\n\n\n - keylogger\n\n\n - clipboard-stealing\n\n\n - exfiltration-ssh-keys\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n\n\n - obfuscation\n\n\n - exfiltration-browser-data\n\n\n - exfiltration-env-variables\n\n\n - persistence\n",
  "id": "MAL-2026-6082",
  "modified": "2026-06-18T20:21:32Z",
  "published": "2026-06-17T21:35:47Z",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://www.virustotal.com/gui/file/b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3/detection"
    },
    {
      "type": "EVIDENCE",
      "url": "https://www.virustotal.com/gui/file/7b58136e8884b65ca9a62dc9b2698dc0904b06dbb772d96ad3c3d31934dc6865/detection"
    },
    {
      "type": "EVIDENCE",
      "url": "https://hybrid-analysis.com/sample/b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3"
    },
    {
      "type": "WEB",
      "url": "https://bad-packages.kam193.eu/pypi/package/dotenv-sync"
    },
    {
      "type": "PACKAGE",
      "url": "https://pypi.org/project/dotenv-sync/1.0.0/"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in dotenv-sync (PyPI)"
}
