-= Per source details. Do not edit below this line.=-
Package uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: SCRIPT_KIDDIE-thegoodhacker-paquete
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
Package uses simple pre-prepared tools to create a low-quality malicious action.
{
"malicious-packages-origins": [
{
"sha256": "e59d7877b4e417c548f6354c18e809e26c5bd58b6ad6d7a402954cdfa509b52f",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-08-05T22:25:51Z",
"source": "kam193",
"id": "pypi/SCRIPT_KIDDIE-thegoodhacker-paquete/paquete-5",
"import_time": "2025-12-02T22:30:55.419203849Z"
},
{
"sha256": "4f3a3134bb30ff4d1c08b8ab3469f769ad1a1654d39e0c3e818973063d524d75",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-08-05T22:25:51Z",
"source": "kam193",
"id": "pypi/SCRIPT_KIDDIE-thegoodhacker-paquete/paquete-5",
"import_time": "2025-12-02T23:07:18.447970084Z"
},
{
"versions": [
"1.0.0"
],
"sha256": "3e28b701ef17ac4f6f9df773e58e04892c8729a55d4b46351f7f5cb04c9e958e",
"modified_time": "2024-08-05T22:25:51Z",
"source": "kam193",
"id": "pypi/SCRIPT_KIDDIE-thegoodhacker-paquete/paquete-5",
"import_time": "2025-12-10T21:38:57.664500701Z"
}
],
"iocs": {
"urls": [
"https://github.com/thegoodhackertv/malpip"
]
}
}