MAL-2025-1992

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/requests-x64/MAL-2025-1992.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-1992
Published
2025-02-04T17:58:19Z
Modified
2026-03-19T12:56:26.113667Z
Summary
Malicious code in requests-x64 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (996690f6aae3ce7456b45309072e2b12f5afda24b2f58e7f66b004c1f2b99872)

Code in setup.py attempts to silently download and execute an executable. The file contains a malware


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-02-requests-x64

Reasons (based on the campaign):

  • Downloads and executes a remote executable.
Database specific
{
    "iocs": {
        "urls": [
            "https://send.tresorit.com/a#oPaBw2_7GrteEiXwSSI29g"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "2.0.0"
            ],
            "id": "RLMA-2025-01235",
            "modified_time": "2025-03-03T13:45:15Z",
            "import_time": "2025-03-03T15:07:17.073589879Z",
            "sha256": "f127b68d650d7dc2e2142f0f4d07a799060c9bdb649b87317a15b2f071316ee7",
            "source": "reversing-labs"
        },
        {
            "id": "pypi/2025-02-requests-x64/requests-x64",
            "modified_time": "2025-02-04T17:58:19Z",
            "import_time": "2025-12-02T22:30:55.538875184Z",
            "sha256": "b61dd802c58f2577835c7848f5dd2977e05737aed2c00ccc9bd73c6003971140",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "id": "pypi/2025-02-requests-x64/requests-x64",
            "modified_time": "2025-02-04T17:58:19Z",
            "import_time": "2025-12-02T23:07:18.577433121Z",
            "sha256": "996690f6aae3ce7456b45309072e2b12f5afda24b2f58e7f66b004c1f2b99872",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "2.0.0"
            ],
            "id": "pypi/2025-02-requests-x64/requests-x64",
            "modified_time": "2025-02-04T17:58:19Z",
            "import_time": "2025-12-10T21:38:57.785614936Z",
            "sha256": "16987150630b3870a214ee45dd7d75b168c3597d79d092549b4f418ea08553aa",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00708",
            "modified_time": "2026-03-18T12:18:14Z",
            "import_time": "2026-03-19T12:20:22.753702933Z",
            "sha256": "055be74d01199b570cb1f9f875f9e3409ed8cfd35ff6fc0b5ff1bb09f30f7493",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / requests-x64

Package

Affected ranges

Affected versions

2.*
2.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/requests-x64/MAL-2025-1992.json"