MAL-2025-191695

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/browser-history-analytics/MAL-2025-191695.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191695
Published
2025-06-15T20:28:41Z
Modified
2025-12-12T20:36:44.108893Z
Summary
Malicious code in browser-history-analytics (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5)

When starting the server with expected functionality with potentially sensitive content, the package silently sends the location (external IP) to a remote location. If the computer is directly exposed to the Internet, it allows the uploader to get access to the data.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-06-browser-history-analytics

Reasons (based on the campaign):

  • action-hidden-in-lib-usage

  • other

  • obfuscation

Database specific 
{
    "iocs": {
        "domains": [
            "arpy8-bha-dubious-backend.hf.space"
        ],
        "urls": [
            "https://arpy8-bha-dubious-backend.hf.space/set"
        ]
    },
    "malicious-packages-origins": [
        {
            "source": "kam193",
            "modified_time": "2025-06-15T20:28:41Z",
            "sha256": "dbdade936911b97e3f26611f18de03f8196a6479a02396f202ef860083b1156f",
            "id": "pypi/2025-06-browser-history-analytics/browser-history-analytics",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:55.015607922Z"
        },
        {
            "source": "kam193",
            "modified_time": "2025-06-15T20:28:41Z",
            "sha256": "e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5",
            "id": "pypi/2025-06-browser-history-analytics/browser-history-analytics",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:18.035378129Z"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.1.2",
                "0.1.3",
                "0.1.4",
                "0.1.5"
            ],
            "modified_time": "2025-06-15T20:28:41Z",
            "sha256": "61c8de3512c8ee484560617188cb043bb8f7bde2b50425c9898b348585bec741",
            "id": "pypi/2025-06-browser-history-analytics/browser-history-analytics",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:57.329066818Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / browser-history-analytics

Package

Name
browser-history-analytics
View open source insights on deps.dev
Purl
pkg:pypi/browser-history-analytics

Affected ranges

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/browser-history-analytics/MAL-2025-191695.json"