-= Per source details. Do not edit below this line.=-
The package is prepared for exfiltration of detailed data about the running system. The exact behaviour depends on the version: some do nothing, some exfiltrate information, and some have embedded malware. The package does not run malicious functions automatically.
The obfuscated URL suggests it may be part of some targeted activity.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-08-flask-tdg-cyber
Reasons (based on the campaign):
exfiltration-generic
exfiltration-env-variables
obfuscation
malware
{
"iocs": {
"domains": [
"api-tdgbanking.vercel.app"
],
"urls": [
"https://api-tdgbanking.vercel.app/api/coolenv?a="
]
},
"malicious-packages-origins": [
{
"source": "kam193",
"id": "pypi/2025-08-flask-tdg-cyber/flask-tdg-cyberx",
"modified_time": "2025-08-21T11:26:18.548239Z",
"sha256": "bffe044728215cb8f1000a57300a8b7a297a9534de672c035eace61e73eb6bcd",
"versions": [
"3.300.40",
"3.300.39",
"3.100.2",
"1.0.1",
"3.300.41"
],
"import_time": "2025-12-02T22:30:55.201341793Z"
},
{
"source": "kam193",
"id": "pypi/2025-08-flask-tdg-cyber/flask-tdg-cyberx",
"modified_time": "2025-08-21T11:26:18.548239Z",
"sha256": "d5dae82b81352867ea79466352b02c279be8b7ca2f0415f0534058e20b943436",
"versions": [
"3.300.40",
"3.300.39",
"3.100.2",
"1.0.1",
"3.300.41"
],
"import_time": "2025-12-02T23:07:18.210206303Z"
},
{
"source": "kam193",
"id": "pypi/2025-08-flask-tdg-cyber/flask-tdg-cyberx",
"modified_time": "2025-08-21T11:26:18.548239Z",
"sha256": "437776151fb9f19669d0845f2a3b40982782bba2f451ed5d4afa5aa7e41d646f",
"versions": [
"1.0.1",
"3.100.2",
"3.300.39",
"3.300.40",
"3.300.41"
],
"import_time": "2025-12-30T22:39:04.084602844Z"
}
]
}