MAL-2024-5101
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/easyhttprequest/MAL-2024-5101.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-5101
- Aliases
-
- SNYK-PYTHON-EASYHTTPREQUEST-6139264
- Published
- 2024-06-25T13:35:06Z
- Modified
- 2025-12-24T10:29:17.744622Z
- Summary
- Malicious code in easyhttprequest (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (2b8f76adb9701e490a7cb89a6457afd1ce1cbe67712cdca356da7f35791ba993)
Clone of the requests package. During installation, it downloads a git repository and attempts to execute a script from its commit message
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2023-12-09-easyhttprequest
Reasons (based on the campaign):
The package overrides the install command in setup.py to execute malicious code during installation.
Downloads and executes a remote malicious script.
clones-real-package
- Database specific
{ "malicious-packages-origins": [ { "versions": [ "2.31.5", "2.31.4" ], "id": "RLMA-2024-03881", "modified_time": "2024-06-25T13:35:06Z", "import_time": "2024-06-28T02:48:54.023055223Z", "sha256": "388de2c20294368ff9d6bb19c7186f425e1aa8aa2626055f1c79601cc5127e2f", "source": "reversing-labs" }, { "id": "RLUA-2024-08178", "modified_time": "2024-10-16T14:40:08Z", "import_time": "2024-10-24T00:59:09.652100838Z", "sha256": "e403455ee47272b28fe57bd3d7b76fee0300e9f68f412f99f6731844760a06ea", "source": "reversing-labs" }, { "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "id": "pypi/2023-12-09-easyhttprequest/easyhttprequest", "modified_time": "2024-11-29T22:03:31Z", "import_time": "2025-12-02T22:30:55.117723594Z", "sha256": "e429c7eb8d552d814158f47a9601620b9245ec31a710c2af8b005aac9f8ebae3", "source": "kam193" }, { "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "id": "pypi/2023-12-09-easyhttprequest/easyhttprequest", "modified_time": "2024-11-29T22:03:31Z", "import_time": "2025-12-02T23:07:18.129525589Z", "sha256": "2b8f76adb9701e490a7cb89a6457afd1ce1cbe67712cdca356da7f35791ba993", "source": "kam193" }, { "versions": [ "2.31.4", "2.31.5" ], "id": "pypi/2023-12-09-easyhttprequest/easyhttprequest", "modified_time": "2024-11-29T22:03:31Z", "import_time": "2025-12-10T21:38:57.414690296Z", "sha256": "461c3dce37946adf37a513d11fb88d32996b9ea049cd61402ef5ab59601221a8", "source": "kam193" }, { "id": "RLUA-2025-06562", "modified_time": "2025-12-23T08:38:23Z", "import_time": "2025-12-24T10:07:36.499314675Z", "sha256": "6ac2b994befd596d6f2d6f4a6e752cdb739900f210f4ca1e1c9efe6e1ea07c2e", "source": "reversing-labs" } ], "iocs": { "urls": [ "https://github.com/isaaknikolaev/PySocks", "https://github.com/isaaknikolaev/PySocks.git" ] } }- References
-
- https://medium.com/checkmarx-security/python-packages-leverage-github-to-deploy-fileless-malware-b6c281dea58f
- https://security.snyk.io/vuln/SNYK-PYTHON-EASYHTTPREQUEST-6139264
- https://bad-packages.kam193.eu/pypi/package/easyhttprequest
- https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / easyhttprequest
Package
- Name
- easyhttprequest
- View open source insights on deps.dev
- Purl
- pkg:pypi/easyhttprequest