MAL-2025-191807

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/package-346234294/MAL-2025-191807.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191807
Published
2025-07-13T17:51:22Z
Modified
2026-04-01T12:45:58.918928Z
Summary
Malicious code in package-346234294 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39)

Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-simple-tests

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.
Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "4db08e46dd885feacc30b279cba830889aea1fb2f6e4844ed72a7f9a9a516aa5",
            "source": "kam193",
            "modified_time": "2025-07-13T17:51:22.369643Z",
            "id": "pypi/GENERIC-simple-tests/package-346234294",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:56.283584499Z"
        },
        {
            "sha256": "c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39",
            "source": "kam193",
            "modified_time": "2025-07-13T17:51:22.369643Z",
            "id": "pypi/GENERIC-simple-tests/package-346234294",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:19.470887677Z"
        },
        {
            "sha256": "fdf1050bb50071b259a5ac2dd73c9baf2254a911def0a6037350ce319c9c7649",
            "source": "kam193",
            "modified_time": "2025-07-13T17:51:22.369643Z",
            "id": "pypi/GENERIC-simple-tests/package-346234294",
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3"
            ],
            "import_time": "2025-12-10T21:38:58.584279225Z"
        },
        {
            "sha256": "12da6501efaf0b9cf42494b5ba6b1841b06d8677a0486b592b7c5c5c1f759808",
            "source": "kam193",
            "modified_time": "2025-07-13T17:51:22.369643Z",
            "id": "pypi/GENERIC-simple-tests/package-346234294",
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3"
            ],
            "import_time": "2026-03-17T22:46:38.485482793Z"
        },
        {
            "sha256": "dc476fc3cae10c61dc1246246ed37f88e10dfa1652fdfe472bde067acb91e68e",
            "source": "reversing-labs",
            "modified_time": "2026-03-24T15:22:31Z",
            "id": "RLMA-2026-01686",
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3"
            ],
            "import_time": "2026-04-01T12:26:05.988216697Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / package-346234294

Package

Name
package-346234294
View open source insights on deps.dev
Purl
pkg:pypi/package-346234294

Affected ranges

Affected versions

1.*
1.0.1
1.0.2
1.0.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/package-346234294/MAL-2025-191807.json"