MAL-2025-1980
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mlc-ai-nightly/MAL-2025-1980.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-1980
- Published
- 2025-01-21T18:27:56Z
- Modified
- 2026-04-16T15:58:47.551990Z
- Summary
- Malicious code in mlc-ai-nightly (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (7f1b0b9f87631941501e2d04d9eab7f1cd7232f770812e3373b736f9e682dc2a)
Installing the package exfiltrates information about the host, including environmental variables.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-01-mlc-ai-nightly
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
exfiltration-env-variables
dependency-confusion
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2025-03-03T13:45:00Z", "versions": [ "9.9.9", "9.9.99" ], "sha256": "f2f2448a6e809b5652703a01b26ffa3f9bbb65e24c7787af16dec2b2202b1014", "id": "RLMA-2025-01221", "source": "reversing-labs", "import_time": "2025-03-03T15:07:15.711773495Z" }, { "modified_time": "2025-01-21T18:27:56Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "sha256": "41a95be29005f697d7d9b8e181b8c826ef6f44d7236ccf86e7625a94730ff564", "id": "pypi/2025-01-mlc-ai-nightly/mlc-ai-nightly", "source": "kam193", "import_time": "2025-12-02T22:30:55.341505512Z" }, { "modified_time": "2025-01-21T18:27:56Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "sha256": "7f1b0b9f87631941501e2d04d9eab7f1cd7232f770812e3373b736f9e682dc2a", "id": "pypi/2025-01-mlc-ai-nightly/mlc-ai-nightly", "source": "kam193", "import_time": "2025-12-02T23:07:18.371016637Z" }, { "modified_time": "2025-01-21T18:27:56Z", "versions": [ "0.0.1", "9.9.9", "9.9.99" ], "sha256": "6f224462b0e3f2708463ba91241645578b5beb72fc7e1f515257a5917e1a079e", "id": "pypi/2025-01-mlc-ai-nightly/mlc-ai-nightly", "source": "kam193", "import_time": "2025-12-10T21:38:57.59699036Z" }, { "modified_time": "2026-03-18T12:16:09Z", "sha256": "93f5f04580275ab2a5ab52810dde2cb1ab98c16a2905b5e43ae603c2dc135ee6", "id": "RLUA-2026-00525", "source": "reversing-labs", "import_time": "2026-03-19T12:20:05.078889603Z" }, { "modified_time": "2026-04-16T10:27:17Z", "versions": [ "0.0.1" ], "sha256": "26a521f54774288cebbfc79b2ec113bafd07429f3b494c35536d457cebb5ba49", "id": "RLUA-2026-02074", "source": "reversing-labs", "import_time": "2026-04-16T15:39:35.443009336Z" } ], "iocs": { "domains": [ "depcon.buzz" ] } }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / mlc-ai-nightly
Package
- Name
- mlc-ai-nightly
- View open source insights on deps.dev
- Purl
- pkg:pypi/mlc-ai-nightly