MAL-2025-191674

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiogram-msgeffect/MAL-2025-191674.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-191674

Published

2025-11-22T16:25:53Z

Modified

2026-03-19T12:49:55.204041Z

Summary

Malicious code in aiogram-msgeffect (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (edd5a99e6d1cebb47e713991f08b50dee4b5bf93ae487f6adc446318ccdba6e7)

Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-tgeffect

Reasons (based on the campaign):

obfuscation
target:telegram
exfiltration-credentials

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2025-12-02T22:30:54.888235377Z",
            "id": "pypi/2025-11-tgeffect/aiogram-msgeffect",
            "versions": [
                "1.2.1",
                "1.1.4"
            ],
            "source": "kam193",
            "modified_time": "2025-11-22T16:25:53.739259Z",
            "sha256": "41de8b9061c97a329f2c0c212b774e139752834b73fdd5683104f56385965a1a"
        },
        {
            "import_time": "2025-12-02T23:07:17.931957699Z",
            "id": "pypi/2025-11-tgeffect/aiogram-msgeffect",
            "versions": [
                "1.2.1",
                "1.1.4"
            ],
            "source": "kam193",
            "modified_time": "2025-11-22T16:25:53.739259Z",
            "sha256": "edd5a99e6d1cebb47e713991f08b50dee4b5bf93ae487f6adc446318ccdba6e7"
        },
        {
            "import_time": "2025-12-24T10:07:29.975434003Z",
            "id": "RLMA-2025-06549",
            "versions": [
                "1.1.4",
                "1.2.1"
            ],
            "source": "reversing-labs",
            "modified_time": "2025-12-23T08:37:50Z",
            "sha256": "98351a28d67c948095d0be173cefde8d82e298a8788fb6ad61cc5ffdfc0bf904"
        },
        {
            "import_time": "2025-12-30T22:39:04.024676724Z",
            "id": "pypi/2025-11-tgeffect/aiogram-msgeffect",
            "versions": [
                "1.1.4",
                "1.2.1"
            ],
            "source": "kam193",
            "modified_time": "2025-11-22T16:25:53.739259Z",
            "sha256": "08bd452a81a13506c01ddc1ea26c6291567708e60b1498ec105f80c442169064"
        },
        {
            "import_time": "2026-03-19T12:19:20.350230426Z",
            "id": "RLUA-2026-00040",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:10:46Z",
            "sha256": "bdd09ae6ee2f772195d3aec2a7d5e30b94fac0a2e360230ba9c53c78a65f8c5f"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/aiogram-msgeffect

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / aiogram-msgeffect

Package

Name: aiogram-msgeffect; View open source insights on deps.dev
Purl: pkg:pypi/aiogram-msgeffect

Affected ranges

Affected versions

1.*

1.1.4

1.2.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiogram-msgeffect/MAL-2025-191674.json"