VYPR

pypi · Malicious package advisory

Malware

request-cache-py

MAL-2026-6245

Malicious code in request-cache-py (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea)
request-cache-py impersonates the legitimate requests-cache HTTP caching library. On `import request_cache_py`, the package's `__init__.py` starts a background thread that harvests installer-side secrets and POSTs them to a hardcoded attacker Telegram bot.

Observed behaviors:
- Reads private keys and credentials from `~/.ssh/` (`id_rsa`, `id_ed25519`, `id_ecdsa`, `id_dsa`), `~/.aws/credentials`, `~/.aws/config`, `~/.gitconfig`, `~/.git-credentials`, `~/.npmrc`, `~/.pypirc`, `~/.dockercfg`, `~/.docker/config.json`, plus gcloud and vscode settings.
- Copies Chrome/Edge/Safari `Login Data`, `Cookies`, and `History` SQLite databases to `/tmp` and extracts saved logins, cookies, and browsing history (`SELECT origin_url, username_value FROM logins`; `SELECT host_key, name, value, path FROM cookies`).
- Iterates `os.environ` and exfiltrates any variable whose name contains `key`, `token`, `secret`, `password`, `api`, or `auth`.
- Posts the collected data to `https://api.telegram.org/bot<redacted>/sendMessage` with a fixed `chat_id`. The bot token and chat id are base64-split across pieces and reassembled at runtime to evade scanners.
- Includes sandbox-evasion: `_should_skip()` aborts when `CI`, `GITHUB_ACTIONS`, `TRAVIS`, `JENKINS_HOME`, `CIRCLECI`, `/.dockerenv`, or hypervisor markers are present, restricting execution to real developer workstations. A `~/.cache/.pyrc` marker suppresses repeat sends within 24 hours.

The combination — name impersonation of a popular library, import-time credential harvest from classic developer secret paths, browser database theft, env scraping, base64-obfuscated C2, sandbox evasion — is a deliberate supply-chain credential stealer targeting human developers.

## Source: kam193 (d027c4b6379310432f96b48dc78c73ddf1346052c5ab16ea6ed4fe3fc0754d08)
During import, package exfiltrates browsers data, SSH keys and other credential files, env variables and other sensitive data.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-06-request-cache-py


Reasons (based on the campaign):


 - infostealer


 - exfiltration-env-variables


 - exfiltration-ssh-keys


 - impersonation


 - A Telegram webhook is used to send collected data.


 - exfiltration-browser-data


 - The package contains code to detect if it is running in a sandbox environment.


 - exfiltration-credentials


 - The malicious code is intentionally included in a dependency of the package

Compromised versions (11)

  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.0.6
  • 1.0.7
  • 1.0.8
  • 1.0.9
  • 1.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.