Malicious code in fflask (PyPI)
Malicious code was published in the fflask package on PyPI. Importing the module triggers an infostealer that exfiltrates data and establishes persistence via autorun directory. The package appears to be a typosquatting attack on a legitimate Flask-related package.
- Disclosed
- Last updated
- Blast radius
- All users who installed the malicious fflask package from PyPI
- Ecosystems
- Attack vectors
- Threat actor
- Affected entities
- fflaskMalicious package on PyPI
The fflask package published on PyPI contained malicious code designed to steal information and establish persistence on affected systems. Upon import, the module downloads and executes a remote executable that functions as an infostealer.
The malicious payload attempts to exfiltrate sensitive data including browser data and cryptocurrency-related information. It establishes persistence through the Windows autorun directory, ensuring the malware persists across system reboots.
The package name appears to be a typosquatting attack, likely targeting users searching for legitimate Flask packages. The campaign is tracked as 2024-12-reqesst and was identified by the OpenSSF's malicious-packages project.
The incident was disclosed on 2026-07-15 via GitHub Security Advisory GHSA-mpw9-j6mm-f9gc.
Indicators of compromise
- Packages
- fflask
Remediation
- Immediately uninstall the fflask package from all systems
- Scan affected systems for the infostealer malware and remove it
- Review browser data and cryptocurrency wallet access for unauthorized activity
- Change passwords for accounts accessed from affected systems
- Monitor for signs of persistence mechanisms in autorun directories
- Use only verified, legitimate Flask packages from trusted sources
- Implement package verification and scanning in dependency management workflows
Sources
- GitHub Advisory GHSA-mpw9-j6mm-f9gc · GitHub Advisory Database
Cite this entry
"Malicious code in fflask (PyPI)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 15, 2026; last updated July 15, 2026. https://supplychainattack.org/incident/malicious-code-in-fflask-pypi-qnw9db
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- containedcritical
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages impersonating Paysafe, Skrill, and Neteller SDKs were published on npm and PyPI, delivering stealer malware designed to harvest credentials from developers and application users.
npmPyPITyposquattingCompromised package - activehigh
Malicious PyPI packages give hackers control of Telegram bot servers
A campaign active since November 2025 has distributed malicious PyPI packages—trojanized Pyrogram forks—targeting Python developers building Telegram bots. The compromised packages allow attackers to read arbitrary files on affected servers.
PyPICompromised packageTyposquatting - containedcritical
Malicious code in github.com/utilizedsun/layout (Go)
Malicious Go package github.com/utilizedsun/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functions as a loader to download and execute additional malicious payloads.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/belatedplanet/hypert (Go)
A malicious Go package github.com/belatedplanet/hypert was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
GoTyposquattingCompromised package