MAL-2025-191803

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/network-utils-simple/MAL-2025-191803.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191803
Published
2025-02-14T23:02:49Z
Modified
2025-12-31T02:55:56.186940Z
Summary
Malicious code in network-utils-simple (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d)

During installation, there is an attempt to download and execute code. The package has no real functionality.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-02-network-utils-simple

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "bc0c49092004be85dfeb1bde20187a0064ef40d2085df3aaf4fd5cf2e83c8a8f",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-02-14T23:02:49Z",
            "source": "kam193",
            "id": "pypi/2025-02-network-utils-simple/network-utils-simple",
            "import_time": "2025-12-02T22:30:55.358543894Z"
        },
        {
            "sha256": "1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-02-14T23:02:49Z",
            "source": "kam193",
            "id": "pypi/2025-02-network-utils-simple/network-utils-simple",
            "import_time": "2025-12-02T23:07:18.390595298Z"
        },
        {
            "versions": [
                "1.3.3",
                "1.3.2",
                "1.3.8",
                "1.0.0",
                "1.1.0",
                "1.2.1",
                "1.2.2",
                "1.2.3",
                "1.2.4",
                "1.2.5",
                "1.2.6",
                "1.2.9",
                "1.2.7",
                "1.2.8",
                "1.3.0",
                "1.3.4",
                "1.3.5",
                "1.3.6",
                "1.3.7"
            ],
            "sha256": "1771b174e3a524e62418469f2f9485ca3d5d0ccd7bfa76243a152d2c35fcec9d",
            "modified_time": "2025-02-14T23:02:49Z",
            "source": "kam193",
            "id": "pypi/2025-02-network-utils-simple/network-utils-simple",
            "import_time": "2025-12-10T21:38:57.611129517Z"
        },
        {
            "versions": [
                "1.0.0",
                "1.1.0",
                "1.2.1",
                "1.2.2",
                "1.2.3",
                "1.2.4",
                "1.2.5",
                "1.2.6",
                "1.2.7",
                "1.2.8",
                "1.2.9",
                "1.3.0",
                "1.3.2",
                "1.3.3",
                "1.3.4",
                "1.3.5",
                "1.3.6",
                "1.3.7",
                "1.3.8"
            ],
            "sha256": "7f1712ca8ff4e22e19054082ecda7ef7b746121d7cb8662c1342d4804808dfb3",
            "modified_time": "2025-02-14T23:02:49Z",
            "source": "kam193",
            "id": "pypi/2025-02-network-utils-simple/network-utils-simple",
            "import_time": "2025-12-30T22:39:04.136110246Z"
        }
    ],
    "iocs": {
        "domains": [
            "ip-database-netutils.pages.dev"
        ]
    }
}
References
Credits

Affected packages

PyPI / network-utils-simple

Package

Name
network-utils-simple
View open source insights on deps.dev
Purl
pkg:pypi/network-utils-simple

Affected ranges

Affected versions

1.*
1.0.0
1.1.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/network-utils-simple/MAL-2025-191803.json"