-= Per source details. Do not edit below this line.=-
On importing the module, package exfiltrates basic data like username. It's obfuscated with a lot of meaningless text and has no other purpose
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2025-03-pyrovider
Reasons (based on the campaign):
{
"malicious-packages-origins": [
{
"id": "pypi/2025-03-pyrovider/pyrovider",
"modified_time": "2025-03-24T17:43:55Z",
"import_time": "2025-12-02T22:30:56.328366828Z",
"sha256": "bf04e1165bcc092863a197ba8653b5669eb3ca2de4214f3c15c5f33a2ad6058d",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"id": "pypi/2025-03-pyrovider/pyrovider",
"modified_time": "2025-03-24T17:43:55Z",
"import_time": "2025-12-02T23:07:19.518498118Z",
"sha256": "a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"versions": [
"10.0.1",
"10.0.2",
"10.0.4",
"10.0.3",
"10.0.5",
"10.0.6"
],
"id": "pypi/2025-03-pyrovider/pyrovider",
"modified_time": "2025-03-24T17:43:55Z",
"import_time": "2025-12-10T21:38:58.62943721Z",
"sha256": "8a284c8693df6b69a813c449df740a232856337eba2e3f6de000a030651f1364",
"source": "kam193"
},
{
"versions": [
"10.0.1",
"10.0.2",
"10.0.3",
"10.0.4",
"10.0.5",
"10.0.6"
],
"id": "pypi/2025-03-pyrovider/pyrovider",
"modified_time": "2025-03-24T17:43:55Z",
"import_time": "2025-12-30T22:39:04.334986255Z",
"sha256": "19c9fdf0ca847c71135513283274654eff4dcaa62baf7fcd56919b9d031a198b",
"source": "kam193"
}
]
}