MAL-2026-10617: Malicious code in cosmos-cuda (PyPI)
The cosmos-cuda package on PyPI, specifically versions 9999.0.0 and 9999.0.1, contains malicious code that executes during installation and import. It collects the installer's hostname, username, and working directory, then exfiltrates this information to a hardcoded external server. The package uses a high version number to override legitimate internal packages, forcing execution of malicious setup.py code. This behavior leads to arbitrary code execution and data exfiltration on affected systems.
AI Analysis
Technical Summary
The cosmos-cuda PyPI package versions 9999.0.0 and 9999.0.1 are malicious. During installation, the setup.py runs a beacon function that collects system information (hostname, username, current directory) and sends it to an external host via DNS and HTTP(S) requests. Importing the package triggers similar data exfiltration. The package is sdist-only and uses a deliberately high version number to supersede internal packages resolved via extra index URLs, causing forced execution of malicious code during install. The package serves no legitimate purpose beyond this data exfiltration.
Potential Impact
Installation or import of the affected cosmos-cuda package versions results in arbitrary code execution and exfiltration of sensitive environment information (hostname, username, working directory) to an attacker-controlled external server. This compromises confidentiality of the installer's environment and may facilitate further attacks. There is no indication of broader system compromise beyond this data leakage.
Mitigation Recommendations
No official patch or fix is available. Users should avoid installing or importing the cosmos-cuda package versions 9999.0.0 and 9999.0.1 from PyPI. Verify package sources carefully and do not rely solely on version numbers for package resolution, especially when using extra index URLs. Remove any installations of these versions if present. Monitor package sources for updates or vendor advisories for remediation guidance.
MAL-2026-10617: Malicious code in cosmos-cuda (PyPI)
Description
The cosmos-cuda package on PyPI, specifically versions 9999.0.0 and 9999.0.1, contains malicious code that executes during installation and import. It collects the installer's hostname, username, and working directory, then exfiltrates this information to a hardcoded external server. The package uses a high version number to override legitimate internal packages, forcing execution of malicious setup.py code. This behavior leads to arbitrary code execution and data exfiltration on affected systems.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The cosmos-cuda PyPI package versions 9999.0.0 and 9999.0.1 are malicious. During installation, the setup.py runs a beacon function that collects system information (hostname, username, current directory) and sends it to an external host via DNS and HTTP(S) requests. Importing the package triggers similar data exfiltration. The package is sdist-only and uses a deliberately high version number to supersede internal packages resolved via extra index URLs, causing forced execution of malicious code during install. The package serves no legitimate purpose beyond this data exfiltration.
Potential Impact
Installation or import of the affected cosmos-cuda package versions results in arbitrary code execution and exfiltration of sensitive environment information (hostname, username, working directory) to an attacker-controlled external server. This compromises confidentiality of the installer's environment and may facilitate further attacks. There is no indication of broader system compromise beyond this data leakage.
Mitigation Recommendations
No official patch or fix is available. Users should avoid installing or importing the cosmos-cuda package versions 9999.0.0 and 9999.0.1 from PyPI. Verify package sources carefully and do not rely solely on version numbers for package resolution, especially when using extra index URLs. Remove any installations of these versions if present. Monitor package sources for updates or vendor advisories for remediation guidance.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10617
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a577ef368715ace43b415ec
Added to database: 07/15/2026, 12:37:07 UTC
Last enriched: 07/15/2026, 12:56:39 UTC
Last updated: 07/16/2026, 03:34:29 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.