MAL-2025-1995

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/rqsts/MAL-2025-1995.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-1995
Published
2025-01-25T16:53:01Z
Modified
2026-03-19T12:56:44.167945Z
Summary
Malicious code in rqsts (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (f9b439bd545383aa5d5b1739d488888d95d4db48c34dc5d8c0339d0e95036af5)

Clone of the requests package, with the code modified to send all GET and POST requests to a hardcoded URL.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-01-rqsts

Reasons (based on the campaign):

  • clones-real-package

  • dependency-confusion

  • action-hidden-in-lib-usage

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "57702300f5f501f1ab1a263a8c5def6487e55baf3aaa009fd805b0f63452d2c9",
            "source": "reversing-labs",
            "modified_time": "2025-03-03T13:45:18Z",
            "id": "RLMA-2025-01238",
            "import_time": "2025-03-03T15:07:17.370754961Z",
            "versions": [
                "2.28.1"
            ]
        },
        {
            "sha256": "08f341e4a6bb7d1a61001636633c9095b6ce869578791c61c8cbea8cf6caea1e",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193",
            "modified_time": "2025-01-25T16:53:01Z",
            "id": "pypi/2025-01-rqsts/rqsts",
            "import_time": "2025-12-02T22:30:55.552252008Z"
        },
        {
            "sha256": "f9b439bd545383aa5d5b1739d488888d95d4db48c34dc5d8c0339d0e95036af5",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193",
            "modified_time": "2025-01-25T16:53:01Z",
            "id": "pypi/2025-01-rqsts/rqsts",
            "import_time": "2025-12-02T23:07:18.594021789Z"
        },
        {
            "sha256": "b26fbf60519c0a813686bd4c94657fa06694648bcc8053a9255c78c2980555c6",
            "source": "kam193",
            "modified_time": "2025-01-25T16:53:01Z",
            "id": "pypi/2025-01-rqsts/rqsts",
            "import_time": "2025-12-10T21:38:57.801455526Z",
            "versions": [
                "2.28.1"
            ]
        },
        {
            "sha256": "f2d08efd18c12dbf3082aeef93dc81d81f3eca9703a5020a89869649a7c5205e",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:18:30Z",
            "id": "RLUA-2026-00731",
            "import_time": "2026-03-19T12:20:24.95569166Z"
        }
    ]
}

Affected packages

PyPI / rqsts

Affected versions

2.*
2.28.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/rqsts/MAL-2025-1995.json"