MAL-2025-191761

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hooktest3/MAL-2025-191761.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191761
Published
2025-12-02T08:19:15Z
Modified
2025-12-03T00:24:34.132056Z
Summary
Malicious code in hooktest3 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23)

During installation, the package starts a code to retrieve and execute commands from Discord

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-hooktest1

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

  • rat

Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-12-02T08:19:15.94106Z",
            "versions": [
                "0.1.1"
            ],
            "source": "kam193",
            "sha256": "03446293baa732834900cda71b588009cb031b9ef180c0c89bf4147191eb530a",
            "id": "pypi/2025-11-hooktest1/hooktest3",
            "import_time": "2025-12-02T22:30:55.254071274Z"
        },
        {
            "modified_time": "2025-12-02T08:19:15.94106Z",
            "versions": [
                "0.1.1"
            ],
            "source": "kam193",
            "sha256": "3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23",
            "id": "pypi/2025-11-hooktest1/hooktest3",
            "import_time": "2025-12-02T23:07:18.276674017Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / hooktest3

Package

Name
hooktest3
View open source insights on deps.dev
Purl
pkg:pypi/hooktest3

Affected ranges

Affected versions

0.*

0.1.1