MAL-2025-191836

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyrovider/MAL-2025-191836.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191836
Published
2025-03-24T17:43:55Z
Modified
2025-12-31T02:56:20.983399Z
Summary
Malicious code in pyrovider (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55)

On importing the module, the package exfiltrates basic data like the username. It's obfuscated with a lot of meaningless text and has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2025-03-pyrovider

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
Database specific
{
    "malicious-packages-origins": [
        {
            "id": "pypi/2025-03-pyrovider/pyrovider",
            "modified_time": "2025-03-24T17:43:55Z",
            "import_time": "2025-12-02T22:30:56.328366828Z",
            "sha256": "bf04e1165bcc092863a197ba8653b5669eb3ca2de4214f3c15c5f33a2ad6058d",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "id": "pypi/2025-03-pyrovider/pyrovider",
            "modified_time": "2025-03-24T17:43:55Z",
            "import_time": "2025-12-02T23:07:19.518498118Z",
            "sha256": "a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "10.0.1",
                "10.0.2",
                "10.0.4",
                "10.0.3",
                "10.0.5",
                "10.0.6"
            ],
            "id": "pypi/2025-03-pyrovider/pyrovider",
            "modified_time": "2025-03-24T17:43:55Z",
            "import_time": "2025-12-10T21:38:58.62943721Z",
            "sha256": "8a284c8693df6b69a813c449df740a232856337eba2e3f6de000a030651f1364",
            "source": "kam193"
        },
        {
            "versions": [
                "10.0.1",
                "10.0.2",
                "10.0.3",
                "10.0.4",
                "10.0.5",
                "10.0.6"
            ],
            "id": "pypi/2025-03-pyrovider/pyrovider",
            "modified_time": "2025-03-24T17:43:55Z",
            "import_time": "2025-12-30T22:39:04.334986255Z",
            "sha256": "19c9fdf0ca847c71135513283274654eff4dcaa62baf7fcd56919b9d031a198b",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / pyrovider

Package

Affected ranges

Affected versions

10.*
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyrovider/MAL-2025-191836.json"