MAL-2025-191798

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/multithreadedexecution/MAL-2025-191798.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191798
Published
2025-11-30T23:59:28Z
Modified
2025-12-03T00:27:38.169049Z
Summary
Malicious code in multithreadedexecution (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (3248950b032e1381ddc79d43dfdba8fb6dccce4b1afafd5825e560d793b3bd09)

Once run, package downloads and installs an infostealer


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-discord-selfsbotsx

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • infostealer

  • malware

  • peristence-autorun

Database specific
{
    "iocs": {
        "urls": [
            "https://pastebin.com/raw/HvFhs7zk",
            "http://212.80.7.213:20578"
        ],
        "ips": [
            "212.80.7.213"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "id": "pypi/2025-11-discord-selfsbotsx/multithreadedexecution",
            "modified_time": "2025-11-30T23:59:28.937561Z",
            "import_time": "2025-12-02T22:30:55.348568446Z",
            "sha256": "5af5a526d3255cf6c76e0490269ba46e56c0944a8f7c761e63ee801f07ffd1d0",
            "source": "kam193"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "id": "pypi/2025-11-discord-selfsbotsx/multithreadedexecution",
            "modified_time": "2025-11-30T23:59:28.937561Z",
            "import_time": "2025-12-02T23:07:18.378996293Z",
            "sha256": "3248950b032e1381ddc79d43dfdba8fb6dccce4b1afafd5825e560d793b3bd09",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / multithreadedexecution

Package

Name
multithreadedexecution
View open source insights on deps.dev
Purl
pkg:pypi/multithreadedexecution

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/multithreadedexecution/MAL-2025-191798.json"