MAL-2025-191702

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/chromifypro/MAL-2025-191702.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-191702

Published

2025-11-07T22:43:23Z

Modified

2026-03-19T12:51:45.867314Z

Summary

Malicious code in chromifypro (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (4138883ad2e38b4a8a4353918126f4732db5f04107be0bddafc745ec97120b52)

Packages silently decrypt content hidden in a dependency and load them as Python extension modules.

In the first wave, those are copies of legitimate aiohttp and aiohappyeyeballs packages. In the second wave, malicious packages created good-looking forks of legitimate rich and pigments packages.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-10-asynhttp

Reasons (based on the campaign):

typosquatting
exfiltration-generic
obfuscation
clones-real-package
native-extension

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "pypi/2025-10-asynhttp/chromifypro",
            "import_time": "2025-12-02T22:30:55.042958809Z",
            "source": "kam193",
            "modified_time": "2025-11-07T22:43:23.081806Z",
            "sha256": "b156d4195a20c086e7cd013834914c9443c8fa7b36581614df2021020cbc5689",
            "versions": [
                "1.0.1",
                "1.0.0"
            ]
        },
        {
            "id": "pypi/2025-10-asynhttp/chromifypro",
            "import_time": "2025-12-02T23:07:18.051405161Z",
            "source": "kam193",
            "modified_time": "2025-11-07T22:43:23.081806Z",
            "sha256": "7d54475b9a0020eac1dddf1c1a3684b901bfc7de641e03d571a933718b43933e",
            "versions": [
                "1.0.1",
                "1.0.0"
            ]
        },
        {
            "id": "pypi/2025-10-asynhttp/chromifypro",
            "import_time": "2025-12-10T18:45:05.207572121Z",
            "source": "kam193",
            "modified_time": "2025-11-07T22:43:23.081806Z",
            "sha256": "4138883ad2e38b4a8a4353918126f4732db5f04107be0bddafc745ec97120b52",
            "versions": [
                "1.0.1",
                "1.0.0"
            ]
        },
        {
            "id": "RLMA-2025-06558",
            "import_time": "2025-12-24T10:07:30.340631751Z",
            "source": "reversing-labs",
            "modified_time": "2025-12-23T08:38:08Z",
            "sha256": "000fc121aa0083346662729454da97a179ebfd789440c1a9a047c6fe8fee3e68",
            "versions": [
                "1.0.0",
                "1.0.1"
            ]
        },
        {
            "id": "pypi/2025-10-asynhttp/chromifypro",
            "import_time": "2025-12-30T22:39:04.053998316Z",
            "source": "kam193",
            "modified_time": "2025-11-07T22:43:23.081806Z",
            "sha256": "bca09f6f48f1f5d722c217e7f20e90add7a0131df05b2b08f6df4afbd131e3bf",
            "versions": [
                "1.0.0",
                "1.0.1"
            ]
        },
        {
            "id": "RLUA-2026-00192",
            "import_time": "2026-03-19T12:19:33.517218849Z",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:12:23Z",
            "sha256": "0267761bf8326742a23f099b996b08d6199c4719870e023bcf6a662ee5eef1e9"
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / chromifypro

Package

Name: chromifypro; View open source insights on deps.dev
Purl: pkg:pypi/chromifypro

Affected ranges

Affected versions

1.*

1.0.0

1.0.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/chromifypro/MAL-2025-191702.json"