MAL-2025-191719

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordhelper-ecr/MAL-2025-191719.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191719
Published
2025-11-26T23:58:49Z
Modified
2025-12-03T00:21:05.738686Z
Summary
Malicious code in discordhelper-ecr (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (689b1c190dc23f0188a57cac218b8dd66c56ecb77478d9bdac584a8cd111bb9b)

Package exftrates discord credentials to a hardcoded location


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-discordhelper-ecr

Reasons (based on the campaign):

  • exfiltration-credentials
Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "id": "pypi/2025-11-discordhelper-ecr/discordhelper-ecr",
            "modified_time": "2025-11-26T23:58:49.993916Z",
            "import_time": "2025-12-02T22:30:55.107976455Z",
            "sha256": "f5b22b25f4ab4161e366f330baed70168d770325f154cf605c5ec2a0f2be3d92",
            "source": "kam193"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "id": "pypi/2025-11-discordhelper-ecr/discordhelper-ecr",
            "modified_time": "2025-11-26T23:58:49.993916Z",
            "import_time": "2025-12-02T23:07:18.11935613Z",
            "sha256": "689b1c190dc23f0188a57cac218b8dd66c56ecb77478d9bdac584a8cd111bb9b",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / discordhelper-ecr

Package

Name
discordhelper-ecr
View open source insights on deps.dev
Purl
pkg:pypi/discordhelper-ecr

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordhelper-ecr/MAL-2025-191719.json"