mal-2026-6711
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (d9903cc9163ada9951dee4ee1f364648cac0e492df9a32582ad3ed8303d29231)
twrap_tool/__init__.py defines two public functions, format_block and align_columns, whose real behavior is to fetch a Python file from raw.githubusercontent.com/TextStack-Devs/twrap-toolkit at v1.0.0 via urllib.request.urlopen, read the response body, and pass it directly to exec() in the caller's Python process. The advertised text-wrapping logic is a decoy (format_block only returns text[:width]). The fetch target is a mutable tag reference with no hash or signature verification, so the served payload can be changed by the repository owner at any time after publish. Any consumer that calls the library runs arbitrary attacker-controlled Python with the caller's privileges. The package name and generic 'advanced text wrapping' description are consistent with a typosquat of Python's stdlib textwrap.
Source: kam193 (aed9fa265dc6118c1b0e349063d65cb949ab7a7eccccdc9b56a69a487ff05365)
Package is a copy of a previous malicious package, but the remote code URL was not yet active during the analysis.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-textwrap-toolkit-stager
Reasons (based on the campaign):
- backdoor
- obfuscation
- crypto-related
- Downloads and executes a remote malicious script.
- exfiltration-crypto
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "twrap_tool/__init__.py",
"sha256": "6641c58d2ea5ba24cd23e82cda68030a1ba96c4c4a2bab2f0150e1517c568db2",
"tlsh": "2111ba4bdc219c97c6678078609aed64a26e790bab1aa474bf4c875c1f08a31d1b208c"
},
{
"path": "setup.py",
"sha256": "92a520f3e9803519c0912ad9cb06273ef6aa5e6707ff1a097492765466327753",
"tlsh": "f0d097054ca22288c880843b2c92a042363e23273f6090c872cc03082b0e3ab8b2a189"
}
],
"package_integrity": [
{
"filename": "twrap_tool-1.0.0-py3-none-any.whl",
"hashes": {
"blake2b_256": "d0f39ba61b55f5d2fe02d69969fabae34c23c12113bce60d3855f156d7887875",
"md5": "4de32eee89934a6b3379a5395d36e074",
"sha256": "c163192917f2d6cf9afca43d807b56b880277f7b557d742b7400e9e66bcc19b7"
}
},
{
"filename": "twrap_tool-1.0.0.tar.gz",
"hashes": {
"blake2b_256": "2900e046419a047ce9a732a0076e922cd5bbbfa501900b76037140ab718230bf",
"md5": "bb7f8b136844808e2cecc673f3291c85",
"sha256": "8450e5e5f14687b4a5f64b4ed8f13a4093d4f7e6f716c90a7a01aef984166cc5"
}
}
]
}
},
"package": {
"ecosystem": "PyPI",
"name": "twrap-tool"
},
"versions": [
"1.0.0"
]
}
],
"credits": [
{
"contact": [
"inspector-research@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
},
{
"contact": [
"https://github.com/kam193",
"https://bad-packages.kam193.eu/"
],
"name": "Kamil Ma\u0144kowski (kam193)",
"type": "REPORTER"
}
],
"database_specific": {
"iocs": {
"ips": [
"194.5.152.9"
],
"urls": [
"http://194.5.152.9:5555/report",
"http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py",
"http://194.5.152.9:5555/tao"
]
},
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-007876",
"import_time": "2026-07-01T20:12:12.449176731Z",
"modified_time": "2026-07-01T20:05:39Z",
"sha256": "d9903cc9163ada9951dee4ee1f364648cac0e492df9a32582ad3ed8303d29231",
"source": "amazon-inspector",
"versions": [
"1.0.0"
]
},
{
"id": "pypi/2026-06-textwrap-toolkit-stager/twrap-tool",
"import_time": "2026-07-01T22:54:52.14907267Z",
"modified_time": "2026-07-01T21:56:04.748916Z",
"sha256": "aed9fa265dc6118c1b0e349063d65cb949ab7a7eccccdc9b56a69a487ff05365",
"source": "kam193",
"versions": [
"1.0.0"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (d9903cc9163ada9951dee4ee1f364648cac0e492df9a32582ad3ed8303d29231)\ntwrap_tool/__init__.py defines two public functions, format_block and align_columns, whose real behavior is to fetch a Python file from raw.githubusercontent.com/TextStack-Devs/twrap-toolkit at v1.0.0 via urllib.request.urlopen, read the response body, and pass it directly to exec() in the caller\u0027s Python process. The advertised text-wrapping logic is a decoy (format_block only returns text[:width]). The fetch target is a mutable tag reference with no hash or signature verification, so the served payload can be changed by the repository owner at any time after publish. Any consumer that calls the library runs arbitrary attacker-controlled Python with the caller\u0027s privileges. The package name and generic \u0027advanced text wrapping\u0027 description are consistent with a typosquat of Python\u0027s stdlib textwrap.\n\n## Source: kam193 (aed9fa265dc6118c1b0e349063d65cb949ab7a7eccccdc9b56a69a487ff05365)\nPackage is a copy of a previous malicious package, but the remote code URL was not yet active during the analysis.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-textwrap-toolkit-stager\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - obfuscation\n\n\n - crypto-related\n\n\n - Downloads and executes a remote malicious script.\n\n\n - exfiltration-crypto\n",
"id": "MAL-2026-6711",
"modified": "2026-07-01T22:56:41Z",
"published": "2026-07-01T20:05:39Z",
"references": [
{
"type": "PACKAGE",
"url": "https://pypi.org/project/twrap-tool/1.0.0/"
},
{
"type": "WEB",
"url": "https://bad-packages.kam193.eu/pypi/package/twrap-tool"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in twrap-tool (PyPI)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.