Skip to content
supplychainattack.orgSupply chain attack incident catalog
resolvedcritical

Malicious code in fflask (PyPI)

Malicious code was published in the fflask package on PyPI. Importing the module triggers an infostealer that exfiltrates data and establishes persistence via autorun directory. The package appears to be a typosquatting attack on a legitimate Flask-related package.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
All users who installed the malicious fflask package from PyPI
Ecosystems
Attack vectors
Threat actor
Affected entities
  • fflaskMalicious package on PyPI

The fflask package published on PyPI contained malicious code designed to steal information and establish persistence on affected systems. Upon import, the module downloads and executes a remote executable that functions as an infostealer.

The malicious payload attempts to exfiltrate sensitive data including browser data and cryptocurrency-related information. It establishes persistence through the Windows autorun directory, ensuring the malware persists across system reboots.

The package name appears to be a typosquatting attack, likely targeting users searching for legitimate Flask packages. The campaign is tracked as 2024-12-reqesst and was identified by the OpenSSF's malicious-packages project.

The incident was disclosed on 2026-07-15 via GitHub Security Advisory GHSA-mpw9-j6mm-f9gc.

Indicators of compromise

Packages
  • fflask

Remediation

  • Immediately uninstall the fflask package from all systems
  • Scan affected systems for the infostealer malware and remove it
  • Review browser data and cryptocurrency wallet access for unauthorized activity
  • Change passwords for accounts accessed from affected systems
  • Monitor for signs of persistence mechanisms in autorun directories
  • Use only verified, legitimate Flask packages from trusted sources
  • Implement package verification and scanning in dependency management workflows

Sources

  1. GitHub Advisory GHSA-mpw9-j6mm-f9gc · GitHub Advisory Database

Cite this entry

"Malicious code in fflask (PyPI)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 15, 2026; last updated July 15, 2026. https://supplychainattack.org/incident/malicious-code-in-fflask-pypi-qnw9db

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. containedcritical

    Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

    Malicious packages impersonating Paysafe, Skrill, and Neteller SDKs were published on npm and PyPI, delivering stealer malware designed to harvest credentials from developers and application users.

    npmPyPITyposquattingCompromised package
  2. activehigh

    Malicious PyPI packages give hackers control of Telegram bot servers

    A campaign active since November 2025 has distributed malicious PyPI packages—trojanized Pyrogram forks—targeting Python developers building Telegram bots. The compromised packages allow attackers to read arbitrary files on affected servers.

    PyPICompromised packageTyposquatting
  3. containedcritical

    Malicious code in github.com/utilizedsun/layout (Go)

    Malicious Go package github.com/utilizedsun/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functions as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  4. resolvedcritical

    Malicious code in github.com/belatedplanet/hypert (Go)

    A malicious Go package github.com/belatedplanet/hypert was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package