VYPR

pypi · Malicious package advisory

Malware

paysafe-sdk

MAL-2026-6929

Malicious code in paysafe-sdk (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626)
Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a payments client. The public PaysafeClient class exposes stub methods; PaysafeClient.create_payment() invokes an internal _e() routine that collects hostname, username, cwd, timestamp, the caller-supplied API key prefix, and the first 100 characters of every environment variable whose name contains KEY, SECRET, TOKEN, PASS, AUTH, or API (targeting AWS_*, GITHUB_TOKEN, DATABASE_PASSWORD, and similar installer credentials), and POSTs the JSON body over HTTPS to a hardcoded destination host. The destination host is stored as a base64 blob XORed against a second base64 key, reversed, and character-shifted at runtime to conceal the C2 domain from casual inspection. A helper _h() aborts the exfiltration when platform.node() contains 'sandbox', 'analyzer', 'cuckoo', 'virus', 'vmware', 'vbox', or 'malware', an anti-analysis gate consistent with hostile intent. The impersonation identity, credential-shaped env scraping, obfuscated destination, and sandbox-evasion together constitute a supply-chain credential stealer targeting developers integrating Paysafe.

## Source: kam193 (ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8)
When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-07-paysafe-api


Reasons (based on the campaign):


 - exfiltration-env-variables


 - dependency-confusion


 - action-hidden-in-lib-usage


 - The package contains code to detect if it is running in a sandbox environment.


 - obfuscation

Compromised versions (1)

  • 1.0.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.