pypi · Malicious package advisory
Malwaretlask
MAL-2026-5305
Malicious code in tlask (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (ae87e0c65760999b8ff4e28d11505b15a71a1a46dd8d761122e3d9d8e2cd85b6) The package is published as 'tlask', a single-character edit of the widely used 'flask' package on PyPI. Metadata and module contents are copied verbatim from Pallets' Flask: METADATA Summary reads 'A simple framework for building complex web applications.', Project-URLs point to flask.palletsprojects.com and github.com/pallets/flask, and entry_points.txt declares 'flask=flask.cli:main'. The source files under tlask/ match Flask's own modules. No installer-harmful payload was identified — no network I/O, no exec/eval, no install or import-time hooks, no credential reads, and no lifecycle scripts that would execute attacker-controlled code on `pip install`. The risk is name-confusion: a developer who types `pip install tlask` rather than `pip install flask` receives a near-identical Flask clone they did not intentionally select, and the entry_points.txt also installs a `flask` console script that could shadow the real Flask CLI in some environments. Because the package contains no exfiltration, dropper, silent-relay, or credential-distribution behavior, naming-similarity alone is a subjective signal that warrants human review rather than an automatic block. ## Source: kam193 (2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2) Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using Bun runtime on Python startup. It collectes all kinds of sensitive data, including API keys, credentials to package repositories, cryptocurrency assets, password manager data. Infostealer actively queries online services to collect additional secrets as well as attempts to gain persistence and spread further by publishing infected packages using collected credentials. Data are exfiltrated likely using Github. The code seems to threaten to wipe the user's data if it detects invalid GitHub tokens. Cleanup should be done with caution. It seems to be related to the recent Mini Shai Hulud campaign. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-compr-woodpecker Reasons (based on the campaign): - compromised-package - exfiltration-env-variables - exfiltration-cloud-tokens - exfiltration-credentials - abuses-pth - obfuscation - infostealer - The package contains code to detect if it is running in a sandbox environment. - exfiltration-crypto - files-exfiltration - destructive-actions
Compromised versions (2)
- 3.1.3
- 3.1.4
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.