pypi · Malicious package advisory
Malwarerequest-cache-py
MAL-2026-6245
Malicious code in request-cache-py (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea) request-cache-py impersonates the legitimate requests-cache HTTP caching library. On `import request_cache_py`, the package's `__init__.py` starts a background thread that harvests installer-side secrets and POSTs them to a hardcoded attacker Telegram bot. Observed behaviors: - Reads private keys and credentials from `~/.ssh/` (`id_rsa`, `id_ed25519`, `id_ecdsa`, `id_dsa`), `~/.aws/credentials`, `~/.aws/config`, `~/.gitconfig`, `~/.git-credentials`, `~/.npmrc`, `~/.pypirc`, `~/.dockercfg`, `~/.docker/config.json`, plus gcloud and vscode settings. - Copies Chrome/Edge/Safari `Login Data`, `Cookies`, and `History` SQLite databases to `/tmp` and extracts saved logins, cookies, and browsing history (`SELECT origin_url, username_value FROM logins`; `SELECT host_key, name, value, path FROM cookies`). - Iterates `os.environ` and exfiltrates any variable whose name contains `key`, `token`, `secret`, `password`, `api`, or `auth`. - Posts the collected data to `https://api.telegram.org/bot<redacted>/sendMessage` with a fixed `chat_id`. The bot token and chat id are base64-split across pieces and reassembled at runtime to evade scanners. - Includes sandbox-evasion: `_should_skip()` aborts when `CI`, `GITHUB_ACTIONS`, `TRAVIS`, `JENKINS_HOME`, `CIRCLECI`, `/.dockerenv`, or hypervisor markers are present, restricting execution to real developer workstations. A `~/.cache/.pyrc` marker suppresses repeat sends within 24 hours. The combination — name impersonation of a popular library, import-time credential harvest from classic developer secret paths, browser database theft, env scraping, base64-obfuscated C2, sandbox evasion — is a deliberate supply-chain credential stealer targeting human developers. ## Source: kam193 (d027c4b6379310432f96b48dc78c73ddf1346052c5ab16ea6ed4fe3fc0754d08) During import, package exfiltrates browsers data, SSH keys and other credential files, env variables and other sensitive data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-request-cache-py Reasons (based on the campaign): - infostealer - exfiltration-env-variables - exfiltration-ssh-keys - impersonation - A Telegram webhook is used to send collected data. - exfiltration-browser-data - The package contains code to detect if it is running in a sandbox environment. - exfiltration-credentials - The malicious code is intentionally included in a dependency of the package
Compromised versions (11)
- 1.0.0
- 1.0.1
- 1.0.2
- 1.0.3
- 1.0.4
- 1.0.5
- 1.0.6
- 1.0.7
- 1.0.8
- 1.0.9
- 1.1.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.