MAL-2025-191850

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/quicksort-pro/MAL-2025-191850.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-191850

Published

2025-11-13T19:25:07Z

Modified

2025-12-31T02:56:28.719408Z

Summary

Malicious code in quicksort-pro (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (d58062fd8cad559810255c4386b2acbeda83096e2999ea1172b10d0d7af008cb)

Importing the module downloads and executes an executable with malware

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-quicksort-pro

Reasons (based on the campaign):

malware
Downloads and executes a remote executable.

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "pypi/2025-11-quicksort-pro/quicksort-pro",
            "import_time": "2025-12-02T22:30:55.514420526Z",
            "source": "kam193",
            "versions": [
                "1.9.0",
                "1.8.0",
                "1.7.0",
                "1.6.0",
                "1.5.0",
                "1.0.0"
            ],
            "modified_time": "2025-11-13T19:25:07.969025Z",
            "sha256": "57f0f8643942833540b095486317200ce0180ae07a8569380d12590f4e815fa9"
        },
        {
            "id": "pypi/2025-11-quicksort-pro/quicksort-pro",
            "import_time": "2025-12-02T23:07:18.540574633Z",
            "source": "kam193",
            "versions": [
                "1.9.0",
                "1.8.0",
                "1.7.0",
                "1.6.0",
                "1.5.0",
                "1.0.0"
            ],
            "modified_time": "2025-11-13T19:25:07.969025Z",
            "sha256": "d58062fd8cad559810255c4386b2acbeda83096e2999ea1172b10d0d7af008cb"
        },
        {
            "id": "pypi/2025-11-quicksort-pro/quicksort-pro",
            "import_time": "2025-12-30T22:39:04.150680977Z",
            "source": "kam193",
            "versions": [
                "1.0.0",
                "1.5.0",
                "1.6.0",
                "1.7.0",
                "1.8.0",
                "1.9.0"
            ],
            "modified_time": "2025-11-13T19:25:07.969025Z",
            "sha256": "39fe14543c3610dc8da219c28b6ed0418b67900d1b958b4eec907aca808e672c"
        }
    ],
    "iocs": {
        "domains": [
            "dependency-bot.satirical6355.workers.dev",
            "dependency-bot.pages.dev"
        ]
    }
}

References

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / quicksort-pro

Package

Name: quicksort-pro; View open source insights on deps.dev
Purl: pkg:pypi/quicksort-pro

Affected ranges

Affected versions

1.*

1.0.0

1.5.0

1.6.0

1.7.0

1.8.0

1.9.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/quicksort-pro/MAL-2025-191850.json"