MAL-2025-191876

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/speedd-testing-bot/MAL-2025-191876.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191876
Published
2025-10-28T19:23:53Z
Modified
2026-02-26T10:07:18.871292Z
Summary
Malicious code in speedd-testing-bot (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (2aaec37a58d7717b510aa569770af696e33ae7f9a59e733af3d6341d712f0d66)

The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-10-speedd-testing-bot

Reasons (based on the campaign):

  • rat

  • Downloads and executes a remote malicious script.

  • typosquatting

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.2"
            ],
            "sha256": "8b4d3ec5703e4b8137b2a14ba931c94f6fa99282a52b0e084f23774d8f9527c8",
            "modified_time": "2025-10-28T19:23:53.795242Z",
            "source": "kam193",
            "id": "pypi/2025-10-speedd-testing-bot/speedd-testing-bot",
            "import_time": "2025-12-02T22:30:55.604171226Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "sha256": "b2c8226bceca5e4ecb7950563c129411c4541487f265f417a358bb42170357dd",
            "modified_time": "2025-10-28T19:23:53.795242Z",
            "source": "kam193",
            "id": "pypi/2025-10-speedd-testing-bot/speedd-testing-bot",
            "import_time": "2025-12-02T23:07:18.643616658Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "sha256": "2aaec37a58d7717b510aa569770af696e33ae7f9a59e733af3d6341d712f0d66",
            "modified_time": "2025-10-28T19:23:53.795242Z",
            "source": "kam193",
            "id": "pypi/2025-10-speedd-testing-bot/speedd-testing-bot",
            "import_time": "2025-12-31T15:38:00.896361455Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "sha256": "1329244d3e5dfdef07b3cc834eeb8bcf8765f76ac8351b1af6350bfe293be678",
            "modified_time": "2025-10-28T19:23:53.795242Z",
            "source": "kam193",
            "id": "pypi/2025-10-speedd-testing-bot/speedd-testing-bot",
            "import_time": "2026-01-12T23:35:38.666193357Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "sha256": "e50af7aaba81cf32521bbe78eabde8e358e8721b0a599287f6bf4a32c50b6545",
            "modified_time": "2025-10-28T19:23:53.795242Z",
            "source": "kam193",
            "id": "pypi/2025-10-speedd-testing-bot/speedd-testing-bot",
            "import_time": "2026-01-18T23:07:34.015994405Z"
        },
        {
            "versions": [
                "0.2"
            ],
            "sha256": "476a2ea3c5babf4b9efb0534f42f9ccf56287a8db0eceb2674abd6eaa929e060",
            "modified_time": "2025-10-28T19:23:53.795242Z",
            "source": "kam193",
            "id": "pypi/2025-10-speedd-testing-bot/speedd-testing-bot",
            "import_time": "2026-02-26T09:49:02.340316385Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://pastebin.com/raw/xAT1vudj"
        ],
        "domains": [
            "server-unlock-hack.onrender.com"
        ]
    }
}
References
Credits

Affected packages

PyPI / speedd-testing-bot

Package

Name
speedd-testing-bot
View open source insights on deps.dev
Purl
pkg:pypi/speedd-testing-bot

Affected ranges

Affected versions

0.*
0.2

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/speedd-testing-bot/MAL-2025-191876.json"