MAL-2025-191810

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pam98wyfupa98w/MAL-2025-191810.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191810
Published
2025-11-14T17:24:18Z
Modified
2025-12-03T00:29:28.614915Z
Summary
Malicious code in pam98wyfupa98w (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (be7177fd2d56b518724377233ca5eda13a07f6252e400cfb4c1115db456b5fd8)

Importing the module starts a reverse shell

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-d1n0

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2025-12-02T22:30:55.41846579Z",
            "modified_time": "2025-11-14T17:24:18.503127Z",
            "sha256": "c8b62ee93d374187e728b0d24a516ffcd4f3a209bf5214a3c3c1587f225a3e92",
            "source": "kam193",
            "versions": [
                "0.0.1"
            ],
            "id": "pypi/2025-11-d1n0/pam98wyfupa98w"
        },
        {
            "import_time": "2025-12-02T23:07:18.447051279Z",
            "modified_time": "2025-11-14T17:24:18.503127Z",
            "sha256": "be7177fd2d56b518724377233ca5eda13a07f6252e400cfb4c1115db456b5fd8",
            "source": "kam193",
            "versions": [
                "0.0.1"
            ],
            "id": "pypi/2025-11-d1n0/pam98wyfupa98w"
        }
    ],
    "iocs": {
        "domains": [
            "d1n0.me"
        ]
    }
}
References
Credits

Affected packages

PyPI / pam98wyfupa98w

Package

Name
pam98wyfupa98w
View open source insights on deps.dev
Purl
pkg:pypi/pam98wyfupa98w

Affected ranges

Affected versions

0.*
0.0.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pam98wyfupa98w/MAL-2025-191810.json"