bramin @0.0.4

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-5280

Ecosystem

pypi

Summary

bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup (system-wide, not only when bramin is imported). The .pth contains a single-line obfuscated payload using single-letter aliases (_O, _T, _G, _o, _s, _u, _p, _y, _b, _z, _zf) that, on first run, downloads the Bun JavaScript runtime from https://github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<platform>-<arch>.zip, stages the binary to /tmp/b/bun, chmods it executable, and invokes bun run against a sibling _index.js discovered via dirname(__file__) with a glob fallback. A guard file /tmp/.bun_ran ensures the dropper fires only once per machine to evade observation.

Several signals confirm malicious intent: (1) the package advertises itself only as a 'pipe operator syntax' Python library and has no legitimate need for a JavaScript runtime; (2) _index.js is not listed in the wheel's RECORD manifest, meaning the executed JS payload is smuggled in or supplied by a later/sibling drop and is not covered by the distribution's integrity metadata; (3) __init__.py declares __version__ = '0.0.1' while the dist-info is 0.0.3, a version-drift fingerprint consistent with an additive-only republish bolting the dropper onto a previously legitimate release; (4) the obfuscation shape (chained exec() of a one-line string with aliased imports) has no benign explanation for a .pth file, whose legitimate purpose is sys.path mutation.

Installer impact: arbitrary attacker-controlled JavaScript execution on the installer's machine on the very next Python invocation after pip install bramin, with the executed bytes (_index.js) outside the wheel's signed manifest and therefore mutable by the attacker at any time.

Source: amazon-inspector (1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827)