spark-ml-utilities @1.0.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-1224
Ecosystem
pypi
Summary
During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign, the code only attempts to exfiltrate some basic information using DNS requests and then likely covers its tracks by installing a similarly named package from a private repository.

Related campaigns: 2026-02-spark-audit-notify, 2026-03-geekennedy

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-urllib-slim

Reasons (based on the campaign):
- typosquatting
- Downloads and executes a remote executable.
- obfuscation
- dependency-confusion
Source: kam193 (3c1db0bd2243007553e09eff3018d49b00dbdf3a5183d364225d32f80f7b773f)