MAL-2025-191764

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/imad213tools/MAL-2025-191764.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191764
Published
2025-07-05T20:30:08Z
Modified
2025-12-12T20:31:46.259718Z
Summary
Malicious code in imad213tools (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (2cddffd96538ab03979aa6404e3c946258e49677220c4820f3a8f0972b31cb17)

Encrypted code offering massive sending Instagram followers.

1) besides of using some shady services to achieve the goal, it also exfiltrates saved Instagram credentials to a remote server; 2) the project page offers selling an "exploit" for Instagram servers


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-imad213tools

Reasons (based on the campaign):

  • exfiltration-credentials

  • other

  • obfuscation

Database specific
{
    "iocs": {
        "domains": [
            "imad213-py-rsa.ct.ws"
        ],
        "urls": [
            "https://imad213-py-rsa.ct.ws/imad.txt",
            "https://imad213-py-rsa.ct.ws/fuck.txt"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "pypi/2025-07-imad213tools/imad213tools",
            "modified_time": "2025-07-05T20:30:08Z",
            "import_time": "2025-12-02T22:30:55.269456297Z",
            "sha256": "c7749e01a147bee07679d7fddb4dc16b34399b6015b8fbc92352352687648751",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "id": "pypi/2025-07-imad213tools/imad213tools",
            "modified_time": "2025-07-05T20:30:08Z",
            "import_time": "2025-12-02T23:07:18.293979841Z",
            "sha256": "2cddffd96538ab03979aa6404e3c946258e49677220c4820f3a8f0972b31cb17",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "1.0.0",
                "213"
            ],
            "id": "pypi/2025-07-imad213tools/imad213tools",
            "modified_time": "2025-07-05T20:30:08Z",
            "import_time": "2025-12-10T21:38:57.541799887Z",
            "sha256": "3af3593bdc280b177375f0a66709b11dca8f66899289419f6ba368ee5b6579ee",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / imad213tools

Package

Affected ranges

Affected versions

1.*
1.0.0
Other
213

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/imad213tools/MAL-2025-191764.json"