MAL-2025-192436

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/jsonschema-utf8/MAL-2025-192436.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192436
Published
2025-12-10T17:39:08Z
Modified
2025-12-10T18:51:53.093817Z
Summary
Malicious code in jsonschema-utf8 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab)

Package clones a popular package (loguru, jsonschema, ...). While it claims to have some additional features, the real change is an added compiled native library which is silently loaded in the background during import of the module. The exact behavior is unknown, but the binary is obfuscated.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-loguru-utf8

Reasons (based on the campaign):

  • clones-real-package

  • obfuscation

  • typosquatting

  • native-extension
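
The pattern described above (a native library shipped inside the wheel and mapped into the process by ctypes while the module is being imported) can be screened for before installation by inspecting the wheel archive instead of importing it. The following is an added example written for this page; it is not tooling from the advisory's source (kam193) or from the ossf/malicious-packages project. The wheel it scans is constructed inline under the hypothetical package name demo_utf8, its native file is placeholder bytes rather than a real shared object, and the set of loader names it flags (CDLL, LoadLibrary, dlopen and similar) is a heuristic assumption about how such libraries are typically loaded, not a claim about this campaign's exact mechanism.

```python
"""Pre-install screen for 'native library loaded at import time' packages.

Added example, not the advisory's or kam193's tooling.  The sample wheel is
constructed below with the hypothetical name demo_utf8; its .so entry is
placeholder bytes, not a real library.
"""
import ast
import io
import zipfile

# File suffixes that indicate compiled native code inside the archive.
NATIVE_SUFFIXES = (".so", ".pyd", ".dll", ".dylib")

# Callables whose invocation maps a native library into the interpreter.
# Assumed heuristic list: ctypes constructors, cdll/windll.LoadLibrary, dlopen.
LOADER_NAMES = {"CDLL", "WinDLL", "PyDLL", "OleDLL", "LoadLibrary", "dlopen"}


def _callee_name(call):
    """Last component of a call target, e.g. 'CDLL' for ctypes.CDLL(...)."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


class _ImportTimeLoaders(ast.NodeVisitor):
    """Collect loader calls that execute when the module is imported.

    Function and lambda bodies are skipped because they run only when called;
    class bodies and if/try/with blocks are descended because they run at
    import time.
    """

    def __init__(self):
        self.hits = []  # (lineno, callee name)

    def visit_FunctionDef(self, node):  # noqa: N802 (ast visitor naming)
        return  # deferred code, not import time

    visit_AsyncFunctionDef = visit_FunctionDef
    visit_Lambda = visit_FunctionDef

    def visit_Call(self, node):  # noqa: N802
        name = _callee_name(node)
        if name in LOADER_NAMES:
            self.hits.append((node.lineno, name))
        self.generic_visit(node)  # arguments may themselves contain calls


def scan_wheel(wheel_bytes):
    """Inspect a wheel (as bytes) for shipped native binaries and import-time loaders.

    Returns a report dict.  'suspicious' is set when both signals are present:
    a native file in the archive AND a loader call reachable at import time.
    This is a review trigger, not a verdict: a legitimate ctypes-wrapped
    library would also be flagged and needs a human look at the binary.
    """
    report = {"native_files": [], "import_time_loaders": [],
              "unparseable": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(NATIVE_SUFFIXES):
                report["native_files"].append(name)
            elif name.endswith(".py"):
                try:
                    tree = ast.parse(zf.read(name), filename=name)
                except SyntaxError:
                    report["unparseable"].append(name)  # obfuscated or broken source
                    continue
                finder = _ImportTimeLoaders()
                finder.visit(tree)
                for lineno, callee in finder.hits:
                    report["import_time_loaders"].append(f"{name}:{lineno} {callee}")
    report["suspicious"] = bool(report["native_files"]) and bool(report["import_time_loaders"])
    return report


def build_sample_wheel():
    """Constructed test input mimicking the advisory's pattern (hypothetical package)."""
    init_src = (
        "import ctypes\n"
        "import os\n"
        "from .core import validate  # the cloned, legitimate-looking API\n"
        "_here = os.path.dirname(__file__)\n"
        "_native = ctypes.CDLL(os.path.join(_here, '_speedup.so'))\n"
        "def helper():\n"
        "    return ctypes.CDLL('libc.so.6')  # inside a def: not import time\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_utf8/__init__.py", init_src)
        zf.writestr("demo_utf8/core.py", "def validate(x):\n    return True\n")
        zf.writestr("demo_utf8/_speedup.so", b"\x7fELF placeholder, not a real library")
        zf.writestr("demo_utf8-1.0.0.dist-info/METADATA", "Name: demo_utf8\nVersion: 1.0.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in scan_wheel(build_sample_wheel()).items():
        print(f"{key}: {value}")
```

To run this against a real download, replace build_sample_wheel() with the bytes of a wheel fetched via pip download (without installing), and treat a suspicious report as a reason to inspect the native file (file type, strings, imports) before the package ever reaches an interpreter. The deferred CDLL call inside helper() is deliberately not reported, which is the distinction the advisory draws: code that runs merely because the module was imported.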

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab",
            "id": "pypi/2025-12-loguru-utf8/jsonschema-utf8",
            "import_time": "2025-12-10T18:45:05.209011163Z",
            "modified_time": "2025-12-10T17:39:08.13079Z",
            "versions": [
                "4.1.2",
                "4.1.1",
                "4.1.0"
            ],
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / jsonschema-utf8

Package: jsonschema-utf8 (PyPI)
Affected ranges: 4.*
Affected versions: 4.1.0, 4.1.1, 4.1.2