MAL-2024-11575

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dftester-pip/MAL-2024-11575.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11575
Published
2024-11-27T17:03:25Z
Modified
2026-03-19T12:52:32.217028Z
Summary
Malicious code in dftester-pip (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (2e23c327cc9243e5437e6b31224c6796b90399065b451269641911b1d1982483)

Example package with overwritten install command and the reverse shell


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-11-dftester-pip

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

Database specific
{
    "iocs": {
        "urls": [
            "https://raw.githubusercontent.com/0xe2d0/evil-pip/main/scripts/linux.txt",
            "https://raw.githubusercontent.com/0xe2d0/evil-pip/main/scripts/windows.txt"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "RLMA-2024-11023",
            "sha256": "8370ad2a7375101a6442064130e71846a3243c72a42b5d4686b0d3e18251ba8a",
            "source": "reversing-labs",
            "versions": [
                "0.0.1"
            ],
            "modified_time": "2024-12-09T06:50:07Z",
            "import_time": "2024-12-09T14:38:43.119050401Z"
        },
        {
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "id": "pypi/2024-11-dftester-pip/dftester-pip",
            "sha256": "2ecd5f09f0c86ff90b26880e231db33f48a7e9712c9a90b8cef385b3e746cbe7",
            "source": "kam193",
            "modified_time": "2024-11-27T17:03:25Z",
            "import_time": "2025-12-02T22:30:55.994689522Z"
        },
        {
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "id": "pypi/2024-11-dftester-pip/dftester-pip",
            "sha256": "2e23c327cc9243e5437e6b31224c6796b90399065b451269641911b1d1982483",
            "source": "kam193",
            "modified_time": "2024-11-27T17:03:25Z",
            "import_time": "2025-12-02T23:07:19.189251796Z"
        },
        {
            "id": "pypi/2024-11-dftester-pip/dftester-pip",
            "sha256": "46a51890b899cc8b9991886ea11cfe5b01c2e87d3f410224e60ee0021d6b08b9",
            "source": "kam193",
            "versions": [
                "0.0.1"
            ],
            "modified_time": "2024-11-27T17:03:25Z",
            "import_time": "2025-12-10T21:38:58.330323796Z"
        },
        {
            "id": "RLUA-2026-00264",
            "sha256": "1b3ebb681d19b048e9c3e67fd485cb7f44fa76af6a34f8c34067ab4d9fd081a0",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:13:13Z",
            "import_time": "2026-03-19T12:19:40.056894288Z"
        }
    ]
}

Affected packages

PyPI / dftester-pip

Package

Affected ranges

Affected versions

0.*
0.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dftester-pip/MAL-2024-11575.json"