MAL-2025-191632

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/httpserver-cache/MAL-2025-191632.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191632
Published
2025-10-27T12:59:04Z
Modified
2026-03-19T12:53:38.705381Z
Summary
Malicious code in httpserver-cache (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (f48fad5068e7bfd86223ca6ef2fbf939ae684f2a4ae499f15f9cbe1e0cd9144d)

The packages silently decrypt content hidden in a dependency and load it as Python extension modules.

In the first wave, those were copies of the legitimate aiohttp and aiohappyeyeballs packages. In the second wave, the malicious packages were good-looking forks of the legitimate rich and pygments packages.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-10-asynhttp

Reasons (based on the campaign):

  • typosquatting

  • exfiltration-generic

  • obfuscation

  • clones-real-package

  • native-extension

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "3.13.1"
            ],
            "id": "RLMA-2025-05601",
            "modified_time": "2025-12-01T12:54:25Z",
            "import_time": "2025-12-02T09:09:37.155313986Z",
            "sha256": "b844fd19cd54946f87975380d6567c6735c58e57248053c3c49c403d58617553",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "3.14.0"
            ],
            "id": "pypi/2025-10-asynhttp/httpserver-cache",
            "modified_time": "2025-10-27T12:59:04.890586Z",
            "import_time": "2025-12-02T22:30:55.257088844Z",
            "sha256": "b6d14c1a0634b7c0ebef204b42090ed65d5b0246f29b8707d35794830096fdea",
            "source": "kam193"
        },
        {
            "versions": [
                "3.14.0"
            ],
            "id": "pypi/2025-10-asynhttp/httpserver-cache",
            "modified_time": "2025-10-27T12:59:04.890586Z",
            "import_time": "2025-12-02T23:07:18.280198918Z",
            "sha256": "e7a215e207f060c3cd06c2ca78ad57787473b5a9509572b34c4e0fd873bc1a85",
            "source": "kam193"
        },
        {
            "versions": [
                "3.14.0"
            ],
            "id": "pypi/2025-10-asynhttp/httpserver-cache",
            "modified_time": "2025-10-27T12:59:04.890586Z",
            "import_time": "2025-12-10T18:45:05.208391814Z",
            "sha256": "f48fad5068e7bfd86223ca6ef2fbf939ae684f2a4ae499f15f9cbe1e0cd9144d",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00400",
            "modified_time": "2026-03-18T12:14:45Z",
            "import_time": "2026-03-19T12:19:52.73976624Z",
            "sha256": "cf6cc2d765cfb74609601f71d8c0fd9b7afe63c6821e1d840b08e3c1fb9f1f0d",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / httpserver-cache

Package

Name
httpserver-cache
Purl
pkg:pypi/httpserver-cache

Affected ranges

Affected versions

3.*
3.13.1
3.14.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/httpserver-cache/MAL-2025-191632.json"