-= Per source details. Do not edit below this line.=-
The package appears to be a PoC of overwriting the "requests" package files. The new "requests/__init__.py" takes over common requests features and replaces them with an implementation that a) logs every request to a file (with no external exfiltration; this may also be expected in some situations); b) after every 5 requests, opens the calculator app. The second behaviour clearly shows that the intention is to present a security risk, not to create a real package.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2025-08-netmanagement
Reasons (based on the campaign):
action-hidden-in-lib-usage
other
{
"malicious-packages-origins": [
{
"sha256": "506efb236796dfaba988cc71b017ce31b81505c1d2c4bb6cad7c9378794c3b57",
"source": "kam193",
"modified_time": "2025-09-07T16:49:12.955911Z",
"id": "pypi/2025-08-netmanagement/netmanagement",
"versions": [
"0.1.1",
"0.1.0"
],
"import_time": "2025-12-02T22:30:56.235557197Z"
},
{
"sha256": "9af8bc10bc4f751ad03dbe8257d2d8c49941accbf8b8fe6149d17a457fc56811",
"source": "kam193",
"modified_time": "2025-09-07T16:49:12.955911Z",
"id": "pypi/2025-08-netmanagement/netmanagement",
"versions": [
"0.1.1",
"0.1.0"
],
"import_time": "2025-12-02T23:07:19.422939626Z"
},
{
"sha256": "5181cd5d5f76a4ea05eb15c44edaf6719d381db2b6b0aaf86fc148828d73d42f",
"source": "kam193",
"modified_time": "2025-09-07T16:49:12.955911Z",
"id": "pypi/2025-08-netmanagement/netmanagement",
"versions": [
"0.1.0",
"0.1.1"
],
"import_time": "2025-12-30T22:39:04.319216526Z"
}
]
}