MAL-2025-191911

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tronapihelper/MAL-2025-191911.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191911
Published
2025-08-10T14:59:50Z
Modified
2025-12-03T00:35:29.303222Z
Summary
Malicious code in tronapihelper (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (8668b25d81460ff9ac1973c8f9ad6e6092350a4a08d6a4b5ba1fc827a553dc38)

Package is prepared to exfiltrate private keys, most probably for Tron cryptocurrency. There is no other purpose of the package

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-tronapisync

Reasons (based on the campaign):

  • exfiltration-crypto
Database specific 
{
    "iocs": {
        "domains": [
            "tronapipy.sbs"
        ]
    },
    "malicious-packages-origins": [
        {
            "source": "kam193",
            "id": "pypi/2025-08-tronapisync/tronapihelper",
            "modified_time": "2025-08-10T14:59:50.951568Z",
            "sha256": "a50ae29970696a88414492cb3697418f0c1f996ba5f52c8099999c2effb9620e",
            "versions": [
                "0.1.0"
            ],
            "import_time": "2025-12-02T22:30:55.660974361Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-08-tronapisync/tronapihelper",
            "modified_time": "2025-08-10T14:59:50.951568Z",
            "sha256": "8668b25d81460ff9ac1973c8f9ad6e6092350a4a08d6a4b5ba1fc827a553dc38",
            "versions": [
                "0.1.0"
            ],
            "import_time": "2025-12-02T23:07:18.704692024Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / tronapihelper

Package

Name
tronapihelper
View open source insights on deps.dev
Purl
pkg:pypi/tronapihelper

Affected ranges

Affected versions

0.*
0.1.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tronapihelper/MAL-2025-191911.json"