-= Per source details. Do not edit below this line.=-
During installation, there is an attempt to download and execute code. The package has no real functionality.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-02-network-utils-simple
Reasons (based on the campaign):
Downloads and executes a remote executable.
The package overrides the install command in setup.py to execute malicious code during installation.
{
"malicious-packages-origins": [
{
"sha256": "bc0c49092004be85dfeb1bde20187a0064ef40d2085df3aaf4fd5cf2e83c8a8f",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2025-02-14T23:02:49Z",
"source": "kam193",
"id": "pypi/2025-02-network-utils-simple/network-utils-simple",
"import_time": "2025-12-02T22:30:55.358543894Z"
},
{
"sha256": "1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2025-02-14T23:02:49Z",
"source": "kam193",
"id": "pypi/2025-02-network-utils-simple/network-utils-simple",
"import_time": "2025-12-02T23:07:18.390595298Z"
},
{
"versions": [
"1.3.3",
"1.3.2",
"1.3.8",
"1.0.0",
"1.1.0",
"1.2.1",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.9",
"1.2.7",
"1.2.8",
"1.3.0",
"1.3.4",
"1.3.5",
"1.3.6",
"1.3.7"
],
"sha256": "1771b174e3a524e62418469f2f9485ca3d5d0ccd7bfa76243a152d2c35fcec9d",
"modified_time": "2025-02-14T23:02:49Z",
"source": "kam193",
"id": "pypi/2025-02-network-utils-simple/network-utils-simple",
"import_time": "2025-12-10T21:38:57.611129517Z"
},
{
"versions": [
"1.0.0",
"1.1.0",
"1.2.1",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.7",
"1.2.8",
"1.2.9",
"1.3.0",
"1.3.2",
"1.3.3",
"1.3.4",
"1.3.5",
"1.3.6",
"1.3.7",
"1.3.8"
],
"sha256": "7f1712ca8ff4e22e19054082ecda7ef7b746121d7cb8662c1342d4804808dfb3",
"modified_time": "2025-02-14T23:02:49Z",
"source": "kam193",
"id": "pypi/2025-02-network-utils-simple/network-utils-simple",
"import_time": "2025-12-30T22:39:04.136110246Z"
}
],
"iocs": {
"domains": [
"ip-database-netutils.pages.dev"
]
}
}