-= Per source details. Do not edit below this line.=-
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
{
"malicious-packages-origins": [
{
"versions": [
"2.1.1",
"1.9.12"
],
"sha256": "85ef8be37279139c446e671f7fd548ce6f964d04cd769fec42a9575f33c9da26",
"modified_time": "2025-09-13T21:49:01.587723Z",
"source": "kam193",
"id": "pypi/GENERIC-standard-pypi-install-pentest/r-irkernel",
"import_time": "2025-12-02T22:30:56.353673435Z"
},
{
"versions": [
"2.1.1",
"1.9.12"
],
"sha256": "0d34dbf9f927fd7d2e9b1b97bf72e0063bbccd6f536a9c2e9e40c2f9371abd8e",
"modified_time": "2025-09-13T21:49:01.587723Z",
"source": "kam193",
"id": "pypi/GENERIC-standard-pypi-install-pentest/r-irkernel",
"import_time": "2025-12-02T23:07:19.545304801Z"
},
{
"versions": [
"1.9.12",
"2.1.1"
],
"sha256": "e555d033855ca625e2eaa718ecb27c579f60bfd7224101ebd048ee14cfba94d3",
"modified_time": "2025-09-13T21:49:01.587723Z",
"source": "kam193",
"id": "pypi/GENERIC-standard-pypi-install-pentest/r-irkernel",
"import_time": "2025-12-30T22:39:04.340972087Z"
}
]
}