pypi · Malicious package advisory
Malwarepaysafe-sdk
MAL-2026-6929
Malicious code in paysafe-sdk (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626) Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a payments client. The public PaysafeClient class exposes stub methods; PaysafeClient.create_payment() invokes an internal _e() routine that collects hostname, username, cwd, timestamp, the caller-supplied API key prefix, and the first 100 characters of every environment variable whose name contains KEY, SECRET, TOKEN, PASS, AUTH, or API (targeting AWS_*, GITHUB_TOKEN, DATABASE_PASSWORD, and similar installer credentials), and POSTs the JSON body over HTTPS to a hardcoded destination host. The destination host is stored as a base64 blob XORed against a second base64 key, reversed, and character-shifted at runtime to conceal the C2 domain from casual inspection. A helper _h() aborts the exfiltration when platform.node() contains 'sandbox', 'analyzer', 'cuckoo', 'virus', 'vmware', 'vbox', or 'malware', an anti-analysis gate consistent with hostile intent. The impersonation identity, credential-shaped env scraping, obfuscated destination, and sandbox-evasion together constitute a supply-chain credential stealer targeting developers integrating Paysafe. ## Source: kam193 (ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8) When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-paysafe-api Reasons (based on the campaign): - exfiltration-env-variables - dependency-confusion - action-hidden-in-lib-usage - The package contains code to detect if it is running in a sandbox environment. - obfuscation
Compromised versions (1)
- 1.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.