MAL-2024-8025
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/puffioner131/MAL-2024-8025.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-8025
- Published
- 2024-07-26T16:53:30Z
- Modified
- 2025-12-12T20:41:50.982619Z
- Summary
- Malicious code in puffioner131 (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (03e7420ebe17c5b3feef69b274c7b6e57ed2e6913e19a561d7040e3b48e041a2)
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
Source: ossf-package-analysis (d80eb997ae6841c572c88837dc6e194e2e20a5d12b31476f919b29f3b5931788)
The OpenSSF Package Analysis project identified 'puffioner131' @ 999999991 (pypi) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2024-08-21T15:05:07.687125124Z", "modified_time": "2024-08-21T14:53:10Z", "source": "ossf-package-analysis", "versions": [ "99999999" ], "sha256": "3f949c1ed3b242666f9fceeb6adf4ec7105c6f257aaa86080d0fd154fa56a80f" }, { "import_time": "2024-08-21T15:33:59.59144667Z", "modified_time": "2024-08-21T15:26:54Z", "source": "ossf-package-analysis", "versions": [ "999999991" ], "sha256": "d80eb997ae6841c572c88837dc6e194e2e20a5d12b31476f919b29f3b5931788" }, { "import_time": "2025-12-02T22:30:56.319772937Z", "modified_time": "2024-07-26T16:53:30Z", "source": "kam193", "sha256": "769ce8123d91c5655d14c6a2492df0bdec01d03ce14ade3edc125ef4c02b4ce7", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "id": "pypi/GENERIC-standard-pypi-install-pentest/puffioner131" }, { "import_time": "2025-12-02T23:07:19.50988151Z", "modified_time": "2024-07-26T16:53:30Z", "source": "kam193", "sha256": "03e7420ebe17c5b3feef69b274c7b6e57ed2e6913e19a561d7040e3b48e041a2", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "id": "pypi/GENERIC-standard-pypi-install-pentest/puffioner131" }, { "import_time": "2025-12-10T21:38:58.621207552Z", "modified_time": "2024-07-26T16:53:30Z", "source": "kam193", "versions": [ "9999", "99999", "999999", "9999999", "99999999", "999999999" ], "sha256": "7cbefc979dbe0ce2160ad37ee4d538df237397846c71ff9249e5fc84a69eaae1", "id": "pypi/GENERIC-standard-pypi-install-pentest/puffioner131" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
PyPI / puffioner131
Package
- Name
- puffioner131
- View open source insights on deps.dev
- Purl
- pkg:pypi/puffioner131