MAL-2025-191868

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/singtok/MAL-2025-191868.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191868
Published
2025-02-18T20:50:57Z
Modified
2025-12-31T02:56:51.587467Z
Summary
Malicious code in singtok (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce)

Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the malicious code is now a little more hidden in the functionality and starts after presenting some allegedly expected activity


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-02-tiksing

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • obfuscation

  • malware

Database specific
{
    "iocs": {
        "domains": [
            "kuruptd.ink"
        ],
        "urls": [
            "https://kuruptd.ink/fiaegjnkaegjhiageaij0geajb8387r5315gvvassdgvaknldv7at6.php",
            "https://shorturl.at/pL5qZ"
        ],
        "ips": [
            "185.118.79.24"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "pypi/2025-02-tiksing/singtok",
            "modified_time": "2025-02-18T20:50:57Z",
            "import_time": "2025-12-02T22:30:55.575728951Z",
            "sha256": "3334e722f7b75e431c3c41f9daaf95f192a005354093f7fb4d7b0edae8d613c0",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "id": "pypi/2025-02-tiksing/singtok",
            "modified_time": "2025-02-18T20:50:57Z",
            "import_time": "2025-12-02T23:07:18.617618118Z",
            "sha256": "20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "0.0.3",
                "0.0.1",
                "0.0.4"
            ],
            "id": "pypi/2025-02-tiksing/singtok",
            "modified_time": "2025-02-18T20:50:57Z",
            "import_time": "2025-12-10T21:38:57.816693341Z",
            "sha256": "d4549fba2358242661530a53506fbd15808f05271ae18b1b1a296f6ceecdd30f",
            "source": "kam193"
        },
        {
            "versions": [
                "0.0.1",
                "0.0.3",
                "0.0.4"
            ],
            "id": "pypi/2025-02-tiksing/singtok",
            "modified_time": "2025-02-18T20:50:57Z",
            "import_time": "2025-12-30T22:39:04.177033669Z",
            "sha256": "94f31de9f6e4db4aac73ff160fac8e40c47cf5f333f26aa37fb2a7278911a154",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / singtok

Package

Affected ranges

Affected versions

0.*
0.0.1
0.0.3
0.0.4

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/singtok/MAL-2025-191868.json"