MAL-2025-191875

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/speed-testing-vps/MAL-2025-191875.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191875
Published
2025-11-23T16:18:01Z
Modified
2026-02-26T10:07:17.426666Z
Summary
Malicious code in speed-testing-vps (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b)

The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-10-speedd-testing-bot

Reasons (based on the campaign):

  • rat

  • Downloads and executes a remote malicious script.

  • typosquatting

Database specific 
{
    "iocs": {
        "domains": [
            "server-unlock-hack.onrender.com"
        ],
        "urls": [
            "https://pastebin.com/raw/xAT1vudj"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "0.2"
            ],
            "modified_time": "2025-11-23T16:18:01.920439Z",
            "sha256": "29da568a5a7165d6906358a1ca61eb425655dfe67671a09480d567e8aff780cf",
            "id": "pypi/2025-10-speedd-testing-bot/speed-testing-vps",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:55.603424741Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "modified_time": "2025-11-23T16:18:01.920439Z",
            "sha256": "e4aee6f623595ae53d4a3a5dacc90ca3e22bd08e5665df9344c9a098bfba973b",
            "id": "pypi/2025-10-speedd-testing-bot/speed-testing-vps",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:18.642820973Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "modified_time": "2025-11-23T16:18:01.920439Z",
            "sha256": "227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b",
            "id": "pypi/2025-10-speedd-testing-bot/speed-testing-vps",
            "source": "kam193",
            "import_time": "2025-12-31T15:38:00.895643162Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "modified_time": "2025-11-23T16:18:01.920439Z",
            "sha256": "5c351b08c65ef15128e5c625750e49f8daf09c342b463c01bbb2b71987e561cc",
            "id": "pypi/2025-10-speedd-testing-bot/speed-testing-vps",
            "source": "kam193",
            "import_time": "2026-01-12T23:35:38.665391051Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "modified_time": "2025-11-23T16:18:01.920439Z",
            "sha256": "8d3aadce75ffce61f3551db24112e5b77fc6e5e8ddebed61b56acf3fc689adb4",
            "id": "pypi/2025-10-speedd-testing-bot/speed-testing-vps",
            "source": "kam193",
            "import_time": "2026-01-18T23:07:34.015162171Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "modified_time": "2025-11-23T16:18:01.920439Z",
            "sha256": "aeca8ecf6340bc8ea15d50b5bf0ff90141bb02448a2a0c9b8c8d33c50bc6aa8b",
            "id": "pypi/2025-10-speedd-testing-bot/speed-testing-vps",
            "source": "kam193",
            "import_time": "2026-02-26T09:49:02.339309705Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / speed-testing-vps

Package

Name
speed-testing-vps
View open source insights on deps.dev
Purl
pkg:pypi/speed-testing-vps

Affected ranges

Affected versions

0.*
0.2

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/speed-testing-vps/MAL-2025-191875.json"