MAL-2025-192376

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/graphnode/MAL-2025-192376.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192376
Published
2025-12-08T14:14:35Z
Modified
2025-12-08T14:52:28.167481Z
Summary
Malicious code in graphnode (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (981903800087e4528bba3ec6bb841e810feaedfa490e7f078fcac9c9d663e4ce)

This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and covers its tracks by removing the modified code and all references to it. During the analysis, most of the remote URLs did not serve any meaningful content, so the final goal is unknown.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-graphnode

Reasons (based on the campaign):

  • obfuscation

  • Downloads and executes a remote malicious script.

  • clones-real-package

Database specific
{
    "iocs": {
        "domains": [
            "aurevian.cloud"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "1.1.0",
                "1.0.1",
                "1.0.0"
            ],
            "id": "pypi/2025-12-graphnode/graphnode",
            "modified_time": "2025-12-08T14:14:35.968318Z",
            "import_time": "2025-12-08T14:40:59.544838707Z",
            "sha256": "981903800087e4528bba3ec6bb841e810feaedfa490e7f078fcac9c9d663e4ce",
            "source": "kam193"
        }
    ]
}
Affected packages

PyPI / graphnode

Affected versions

1.*

1.0.0
1.0.1
1.1.0