pypi · Malicious package advisory
Malwaremetemask-sdk
MAL-2026-10197
Malicious code in metemask-sdk (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (a99855c93b46f7b996a005065c319bbb24c9d1f497d05dfd38fc83d1b21facdd) metemask-sdk is a typosquat of the legitimate metamask-sdk package. On import, the top-level __init__.py performs an outbound HTTP fetch to https://gateway.pinata.cloud/ipfs/QmWMbuhKt24ssRKXCeiU94NoZGYcEunGnm6uvSKRwkejYP, passes the response body to exec(), and then invokes a main() function from the executed namespace. No integrity check (hash/signature) is performed on the fetched content, the fetch is wrapped in a bare try/except to suppress errors, and the IPFS CID resolves to attacker-controlled content that can change arbitrarily. The package's advertised public API (connect, sign_message, get_balance) is a non-functional stub that returns constants and random bytes, serving as a facade for the import-time dropper. ## Source: kam193 (0f59169bc0b142713f95865c41501f7eade6b73d1aea633262e40d514e6b6546) During import, the code downloads and executes a remote script. The script collects sensitive files, including cryptocurrency wallet private keys and seeds, SSH keys, dotenv files and uploads them to IPFS. After that, it communicates with C2 and awaits further commands to execute. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-metemask-sdk Reasons (based on the campaign): - files-exfiltration - typosquatting - exfiltration-ssh-keys - crypto-related - Downloads and executes a remote malicious script. - exfiltration-crypto - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - uses:ipfs
Compromised versions (2)
- 1.2.0
- 1.2.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.