-= Per source details. Do not edit below this line.=-
Contains a function to silently download malware
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-11-joyboyw
Reasons (based on the campaign):
Downloads and executes a remote malicious script.
malware
{
"iocs": {
"urls": [
"https://github.com/abdellahelka/filestorage/releases/download/1/assets.zip"
]
},
"malicious-packages-origins": [
{
"versions": [
"1.0.1",
"1.0.0"
],
"id": "pypi/2025-11-joyboyw/joyboyw",
"modified_time": "2025-12-05T13:45:46.494889Z",
"import_time": "2025-12-05T14:40:07.937459316Z",
"sha256": "36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242",
"source": "kam193"
},
{
"versions": [
"1.0.0",
"1.0.1"
],
"id": "pypi/2025-11-joyboyw/joyboyw",
"modified_time": "2025-12-05T13:45:46.494889Z",
"import_time": "2025-12-30T22:39:04.108335182Z",
"sha256": "55fd309408cb22eb138ed25c51659ba48d2f1e4ebbb519e653e023d46798572a",
"source": "kam193"
}
]
}