MAL-2025-191873

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sorex/MAL-2025-191873.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191873
Published
2025-06-14T09:18:22Z
Modified
2025-12-31T02:52:04.989138Z
Summary
Malicious code in sorex (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (9fc62b886698742e247a58de03e45e48cc06149abb4e65e77df10984818ed4f1)

Clones of libraries to access Aminoapps (e.g. legitimate package amino.fix) with added exfiltration of the given credentials


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-06-sorex

Reasons (based on the campaign):

  • exfiltration-credentials

  • action-hidden-in-lib-usage

  • clones-real-package

Database specific
{
    "malicious-packages-origins": [
        {
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "id": "pypi/2025-06-sorex/sorex",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:55.601826204Z",
            "modified_time": "2025-06-14T09:18:22Z",
            "sha256": "b3e73ea60d5e899bb3417b2445c911da59d926ed609dfbb0fc63d80dfdef8c7e"
        },
        {
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "id": "pypi/2025-06-sorex/sorex",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:18.641351303Z",
            "modified_time": "2025-06-14T09:18:22Z",
            "sha256": "9fc62b886698742e247a58de03e45e48cc06149abb4e65e77df10984818ed4f1"
        },
        {
            "sha256": "1ac5744723cdd90a82bfd41348056dd50d1e1da4ed69d3114a8994998a8733fd",
            "id": "pypi/2025-06-sorex/sorex",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:57.834605443Z",
            "modified_time": "2025-06-14T09:18:22Z",
            "versions": [
                "1.1.9",
                "1.1.0",
                "1.0.0",
                "0.8.0",
                "0.6.0",
                "0.7.0",
                "0.5.0",
                "0.4.0",
                "0.3.0"
            ]
        },
        {
            "sha256": "4eed29287bd3b107adf7025593709ca8943dec04c32915773804734b0ad9d987",
            "id": "pypi/2025-06-sorex/sorex",
            "source": "kam193",
            "import_time": "2025-12-30T22:39:04.181465193Z",
            "modified_time": "2025-06-14T09:18:22Z",
            "versions": [
                "0.3.0",
                "0.4.0",
                "0.5.0",
                "0.6.0",
                "0.7.0",
                "0.8.0",
                "1.0.0",
                "1.1.0",
                "1.1.9"
            ]
        }
    ]
}
References
Credits

Affected packages

PyPI / sorex

Package

Affected ranges

Affected versions

0.*
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
1.*
1.0.0
1.1.0
1.1.9

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sorex/MAL-2025-191873.json"