VYPR

pypi · Malicious package advisory

Malware

rlask

MAL-2026-5303

Malicious code in rlask (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (89a034f9ba4356799034d728884eccecf5c53779d85280556419cda38e671a30)
The package name 'rlask' is a single-character edit of the popular 'flask' package. METADATA declares 'Maintainer-email: Pallets <contact@palletsprojects.com>', and entry_points.txt registers 'flask=flask.cli:main' rather than an rlask-specific entry — indicating the distribution is a verbatim repackaging of Flask 3.1.x source while falsely advertising Pallets maintainership. The exported API (Flask, Blueprint, Config, request, session, etc.) mirrors Flask's surface. No exfiltration, install-time hooks, subprocess execution, credential reads, or outbound network I/O were observed in the shipped code. The risk is name confusion plus forged maintainer identity: a developer who mistypes 'pip install flask' as 'pip install rlask' receives a package that shadows the real Flask, controlled by an author who is not Pallets and could push a malicious update at any time. Routing to human review per the typosquat handling discipline — name-confusion judgments and impersonated-maintainer attributions should be confirmed by a human before publication.

## Source: kam193 (baacd735e23c83962845507427fa53c89bdc2e8e0456dbbce6f00a91bf4fe002)
Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using Bun runtime on Python startup. It collectes all kinds of sensitive data, including API keys, credentials to package repositories, cryptocurrency assets, password manager data. Infostealer actively queries online services to collect additional secrets as well as attempts to gain persistence and spread further by publishing infected packages using collected credentials. Data are exfiltrated likely using Github. The code seems to threaten to wipe the user's data if it detects invalid GitHub tokens. Cleanup should be done with caution.

It seems to be related to the recent Mini Shai Hulud campaign.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-06-compr-woodpecker


Reasons (based on the campaign):


 - compromised-package


 - exfiltration-env-variables


 - exfiltration-cloud-tokens


 - exfiltration-credentials


 - abuses-pth


 - obfuscation


 - infostealer


 - The package contains code to detect if it is running in a sandbox environment.


 - exfiltration-crypto


 - files-exfiltration


 - destructive-actions

Compromised versions (5)

  • 3.1.3
  • 3.1.4
  • 3.1.5
  • 3.1.6
  • 3.1.7

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.