MAL-2025-191941

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/zakuraweb/MAL-2025-191941.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191941
Published
2025-11-12T23:25:46Z
Modified
2025-12-03T00:37:49.908692Z
Summary
Malicious code in zakuraweb (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (aa544044c8a113eb904f97650e8132de793d3bab5a7328a3714495e3f6a2283e)

Importing the module starts exfiltrating Discord tokens


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-morosint

Reasons (based on the campaign):

  • exfiltration-browser-data

  • exfiltration-credentials

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "6b16ae376b90b0961ff852408bd5dea69dc3a4af0012282b7680ff7de71e9f98",
            "modified_time": "2025-11-12T23:25:46.371702Z",
            "source": "kam193",
            "id": "pypi/2025-11-morosint/zakuraweb",
            "import_time": "2025-12-02T22:30:55.789301338Z"
        },
        {
            "versions": [
                "0.0.1"
            ],
            "sha256": "aa544044c8a113eb904f97650e8132de793d3bab5a7328a3714495e3f6a2283e",
            "modified_time": "2025-11-12T23:25:46.371702Z",
            "source": "kam193",
            "id": "pypi/2025-11-morosint/zakuraweb",
            "import_time": "2025-12-02T23:07:18.832855267Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://canary.discord.com/api/webhooks/1438273237867036682/y-jlMJWQRYZlxmYEAzEKNQLMRG3GTh7ZcVryf-CpYulJymcNV_rXJMFtvIDke7E7w5HW",
            "https://canary.discord.com/api/webhooks/1437951747627815105/pye5awwKpavmOnp0tOfLosFBXM-mRTX1rSQFTMBOWiNMJ9FZYvcOYRYS331jO7WSyWVL"
        ]
    }
}

Affected packages

PyPI / zakuraweb

Affected versions

0.*
0.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/zakuraweb/MAL-2025-191941.json"