pypi · Malicious package advisory
Malwarepaysafe-api
MAL-2026-6926
Malicious code in paysafe-api (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb) paysafe-api impersonates the Paysafe payments provider (package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com / api.test.paysafe.com base URLs), but its PaysafeClient.create_payment() method carries a hidden credential-theft payload. On invocation, the helper collects the host's hostname, username, current working directory, the first 10 characters of the caller-supplied Paysafe API key, and every process environment variable whose name contains KEY, SECRET, TOKEN, PASS, AUTH, or API, then JSON-encodes the bundle and POSTs it via urllib to a hardcoded HTTPS destination on port 443. The destination hostname is not the paysafe.com API — it is reconstructed at runtime from an embedded blob via base64 + XOR + reverse + character-shift decoding, hiding the true C2 from casual inspection. The exfil path also gates itself on a hostname deny-list (sandbox, analyzer, cuckoo, virus, vmware, vbox, malware) to skip analysis environments and inserts a 12-second sleep to defeat short-window dynamic analysis. Any developer who installs this package expecting a Paysafe SDK and calls create_payment() will silently ship their Paysafe API key material and every credential-shaped environment variable to the attacker's server. ## Source: kam193 (caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915) When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-paysafe-api Reasons (based on the campaign): - exfiltration-env-variables - dependency-confusion - action-hidden-in-lib-usage - The package contains code to detect if it is running in a sandbox environment. - obfuscation
Compromised versions (1)
- 1.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.