MAL-2025-191637

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/humunculous5910145/MAL-2025-191637.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191637
Published
2025-10-19T16:44:55Z
Modified
2026-03-19T12:53:58.090327Z
Summary
Malicious code in humunculous5910145 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (42aa1f0acca970dd3dd66bb2d709b7afadf6b3f70f24992dc69c5254482604f1)

Packages that either reports home installation, simulate malicious activity or imitate Roblox API wrapper.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2025-10-wangzhou183

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.
Database specific
{
    "iocs": {
        "urls": [
            "https://discord.com/api/webhooks/1429446372410654800/CmzQaPJypMtuap4BqDzebkFZfSTVJoFRjj1UGfL_MZ1f7zTagpa5QkgAVC_WOVTA3CMV"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1"
            ],
            "id": "RLMA-2025-05606",
            "modified_time": "2025-12-01T12:54:27Z",
            "import_time": "2025-12-02T09:09:37.498608941Z",
            "sha256": "b6ffe72178d3a2c5f62c4d349ef701da0633c60cf08309bfb860bf5f97026813",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "0.1"
            ],
            "id": "pypi/2025-10-wangzhou183/humunculous5910145",
            "modified_time": "2025-10-19T16:44:55.347622Z",
            "import_time": "2025-12-02T22:30:56.108208923Z",
            "sha256": "932771b9bf6cf339ec2824c458e08cbc334d93a645a91343865130176e5b9b35",
            "source": "kam193"
        },
        {
            "versions": [
                "0.1"
            ],
            "id": "pypi/2025-10-wangzhou183/humunculous5910145",
            "modified_time": "2025-10-19T16:44:55.347622Z",
            "import_time": "2025-12-02T23:07:19.295671856Z",
            "sha256": "42aa1f0acca970dd3dd66bb2d709b7afadf6b3f70f24992dc69c5254482604f1",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00412",
            "modified_time": "2026-03-18T12:14:52Z",
            "import_time": "2026-03-19T12:19:53.818928344Z",
            "sha256": "91f58103d3ecd630228f03405c999e8a199133a4feb45e7ae0bfd562b58bb181",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / humunculous5910145

Package

Name
humunculous5910145
View open source insights on deps.dev
Purl
pkg:pypi/humunculous5910145

Affected ranges

Affected versions

0.*
0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/humunculous5910145/MAL-2025-191637.json"