MAL-2025-191812

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/peptest/MAL-2025-191812.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191812
Published
2025-11-20T11:33:54Z
Modified
2026-03-19T12:55:26.958566Z
Summary
Malicious code in peptest (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (1230d903d5782f1a6d2d779ada368260f2c32d9e4f74bfd3ddd8f4df9c570572)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.2.1",
                "1.2.0",
                "1.0.0"
            ],
            "sha256": "9ae640cbfc50fbe6bf010721d445902c56577b9a1a5dd44e796e71efc2d7bedd",
            "modified_time": "2025-11-20T11:33:54.291046Z",
            "source": "kam193",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/peptest",
            "import_time": "2025-12-02T22:30:56.291919636Z"
        },
        {
            "versions": [
                "1.2.1",
                "1.2.0",
                "1.0.0"
            ],
            "sha256": "1230d903d5782f1a6d2d779ada368260f2c32d9e4f74bfd3ddd8f4df9c570572",
            "modified_time": "2025-11-20T11:33:54.291046Z",
            "source": "kam193",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/peptest",
            "import_time": "2025-12-02T23:07:19.479653686Z"
        },
        {
            "versions": [
                "1.0.0",
                "1.2.0",
                "1.2.1"
            ],
            "sha256": "e6a6a5147a29c39806d36d59d54fb3a86bbdedcf834d03536c6c2ea68f33983c",
            "modified_time": "2025-12-23T08:39:15Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-06578",
            "import_time": "2025-12-24T10:07:30.899166885Z"
        },
        {
            "versions": [
                "1.0.0",
                "1.2.0",
                "1.2.1"
            ],
            "sha256": "960d8de4f38a7c0ce09a2e750d83073f7455207ce8590c9526cccadab0840f4c",
            "modified_time": "2025-11-20T11:33:54.291046Z",
            "source": "kam193",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/peptest",
            "import_time": "2025-12-30T22:39:04.326786945Z"
        },
        {
            "sha256": "8fc9558d1eecec30d555da224cbd6f2bbaab9165faa3ec95e88e7a6ad4c67357",
            "modified_time": "2026-03-18T12:16:51Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00586",
            "import_time": "2026-03-19T12:20:11.6411793Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / peptest

Package

Affected ranges

Affected versions

1.*
1.0.0
1.2.0
1.2.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/peptest/MAL-2025-191812.json"