MAL-2025-2008

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/usvr-agent/MAL-2025-2008.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-2008
Published
2025-03-03T13:45:33Z
Modified
2026-04-01T12:41:54.083775Z
Summary
Malicious code in usvr-agent (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (7a3eac081596280531048d1ddd913b8c2f71c1ba50ab26ee062caa484ae0f4fe)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.0"
            ],
            "sha256": "783e7c855dc7ca39f952e085878b2d8f6672afd6174ef7883163346fde2da810",
            "modified_time": "2025-03-03T13:45:33Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-01253",
            "import_time": "2025-03-03T15:07:18.896918317Z"
        },
        {
            "versions": [
                "0.2.0",
                "0.3.0"
            ],
            "sha256": "7a3eac081596280531048d1ddd913b8c2f71c1ba50ab26ee062caa484ae0f4fe",
            "modified_time": "2026-02-24T13:46:47.079003Z",
            "source": "kam193",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/usvr-agent",
            "import_time": "2026-02-24T14:25:57.386203174Z"
        },
        {
            "sha256": "1405e2750a6a5af336cf7ff5a520f14cc72102bac8781cb4540a3e464296359f",
            "modified_time": "2026-03-18T12:20:03Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00878",
            "import_time": "2026-03-19T12:20:39.370782446Z"
        },
        {
            "versions": [
                "0.2.0"
            ],
            "sha256": "001629f2306b8aa194cea60e8546ba1cdd5f17ba30a5b416bbd55d169fd7b23a",
            "modified_time": "2026-03-24T15:22:55Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-01689",
            "import_time": "2026-04-01T12:26:13.182725011Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / usvr-agent

Package

Affected ranges

Affected versions

0.*
0.1.0
0.2.0
0.3.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/usvr-agent/MAL-2025-2008.json"