MAL-2025-191714

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dcbot-online/MAL-2025-191714.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191714
Published
2025-02-15T18:04:04Z
Modified
2025-12-12T20:39:02.706441Z
Summary
Malicious code in dcbot-online (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (a2b2d82d9610b559f44aa1473f097c56b8f87a6297941604807a0ec56bf2abf4)

Starting the module runs an infostealer targeting browsers and Discord data


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-02-dcbot-online

Reasons (based on the campaign):

  • infostealer

  • exfiltration-browser-data

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "bb7bc49f088e03bd360c3486c810766e8acbc143f80317395b021ddccd521bc1",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-02-15T18:04:04Z",
            "source": "kam193",
            "id": "pypi/2025-02-dcbot-online/dcbot-online",
            "import_time": "2025-12-02T22:30:55.091912674Z"
        },
        {
            "sha256": "a2b2d82d9610b559f44aa1473f097c56b8f87a6297941604807a0ec56bf2abf4",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-02-15T18:04:04Z",
            "source": "kam193",
            "id": "pypi/2025-02-dcbot-online/dcbot-online",
            "import_time": "2025-12-02T23:07:18.104509009Z"
        },
        {
            "versions": [
                "0.1.0"
            ],
            "sha256": "11113d1e4795e0e5559abf7502d366a0763b52131a53d62766c434ddfa526d9d",
            "modified_time": "2025-02-15T18:04:04Z",
            "source": "kam193",
            "id": "pypi/2025-02-dcbot-online/dcbot-online",
            "import_time": "2025-12-10T21:38:57.390103903Z"
        }
    ],
    "iocs": {
        "ips": [
            "178.208.187.105"
        ],
        "urls": [
            "http://178.208.187.105/qweqweqwe.txt"
        ]
    }
}
References
Credits

Affected packages

PyPI / dcbot-online

Package

Affected ranges

Affected versions

0.*
0.1.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dcbot-online/MAL-2025-191714.json"