MAL-2025-191921

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/voicemetterr/MAL-2025-191921.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191921
Published
2025-11-21T19:23:01Z
Modified
2025-12-31T02:55:28.191275Z
Summary
Malicious code in voicemetterr (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (96387f13bb167829d9ffd47e15174e794c9a0a0922ca411c2b5d67f33725d769)

The package sends image files to a hardcoded Discord webhook. It requires a manual start and expects user interaction.

However, the package clearly impersonates a brand and so tries to hide its real actions.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-voicemetterr

Reasons (based on the campaign):

  • other

  • impersonation

  • files-exfiltration

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.3",
                "1.0.2",
                "1.0.1",
                "1.0.0",
                "1.0.4",
                "1.0.5"
            ],
            "sha256": "0956b9dd420ca821511344815cb51fa22458f39542a1b1524084186a1bcc5401",
            "modified_time": "2025-11-25T00:02:06.443665Z",
            "source": "kam193",
            "id": "pypi/2025-11-voicemetterr/voicemetterr",
            "import_time": "2025-12-02T22:30:55.716447996Z"
        },
        {
            "versions": [
                "1.0.3",
                "1.0.2",
                "1.0.1",
                "1.0.0",
                "1.0.4",
                "1.0.5"
            ],
            "sha256": "96387f13bb167829d9ffd47e15174e794c9a0a0922ca411c2b5d67f33725d769",
            "modified_time": "2025-11-25T00:02:06.443665Z",
            "source": "kam193",
            "id": "pypi/2025-11-voicemetterr/voicemetterr",
            "import_time": "2025-12-02T23:07:18.756212369Z"
        },
        {
            "versions": [
                "1.0.0",
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4",
                "1.0.5"
            ],
            "sha256": "1e1777e750c426898d5c591e80284da1ea3cf1f5e139a6bb1bafe2567c0d01d1",
            "modified_time": "2025-11-25T00:02:06.443665Z",
            "source": "kam193",
            "id": "pypi/2025-11-voicemetterr/voicemetterr",
            "import_time": "2025-12-30T22:39:04.206284816Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://discord.com/api/webhooks/1441168746248142889/WRJveZ9l89qoPozRN2KWwwiqsP_7-EXp68Mx0bDJtI8O152rd4fySDIH3tXjMSqUT8WS"
        ]
    }
}
References
Credits

Affected packages

PyPI / voicemetterr

Package

Affected ranges

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/voicemetterr/MAL-2025-191921.json"