-= Per source details. Do not edit below this line.=-
The package sends image files to a hardcoded Discord webhook. It requires a manual start and expects user interaction.
However, the package clearly impersonates a brand and so tries to hide its real actions.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-11-voicemetterr
Reasons (based on the campaign):
other
impersonation
files-exfiltration
{
  "malicious-packages-origins": [
    {
      "versions": [
        "1.0.3",
        "1.0.2",
        "1.0.1",
        "1.0.0",
        "1.0.4",
        "1.0.5"
      ],
      "sha256": "0956b9dd420ca821511344815cb51fa22458f39542a1b1524084186a1bcc5401",
      "modified_time": "2025-11-25T00:02:06.443665Z",
      "source": "kam193",
      "id": "pypi/2025-11-voicemetterr/voicemetterr",
      "import_time": "2025-12-02T22:30:55.716447996Z"
    },
    {
      "versions": [
        "1.0.3",
        "1.0.2",
        "1.0.1",
        "1.0.0",
        "1.0.4",
        "1.0.5"
      ],
      "sha256": "96387f13bb167829d9ffd47e15174e794c9a0a0922ca411c2b5d67f33725d769",
      "modified_time": "2025-11-25T00:02:06.443665Z",
      "source": "kam193",
      "id": "pypi/2025-11-voicemetterr/voicemetterr",
      "import_time": "2025-12-02T23:07:18.756212369Z"
    },
    {
      "versions": [
        "1.0.0",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5"
      ],
      "sha256": "1e1777e750c426898d5c591e80284da1ea3cf1f5e139a6bb1bafe2567c0d01d1",
      "modified_time": "2025-11-25T00:02:06.443665Z",
      "source": "kam193",
      "id": "pypi/2025-11-voicemetterr/voicemetterr",
      "import_time": "2025-12-30T22:39:04.206284816Z"
    }
  ],
  "iocs": {
    "urls": [
      "https://discord.com/api/webhooks/1441168746248142889/WRJveZ9l89qoPozRN2KWwwiqsP_7-EXp68Mx0bDJtI8O152rd4fySDIH3tXjMSqUT8WS"
    ]
  }
}