MAL-2025-2588

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/blackspammerbd-bsb/MAL-2025-2588.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-2588

Published

2025-03-19T14:42:00Z

Modified

2025-03-19T14:42:00Z

Summary

Malicious code in blackspammerbd-bsb (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: oracle-using-macaron (95b4b100eae0bd8d8b1d4a439c713c11286796c1c07beaa4cc0749305ead3307)

This package performs data exfiltration and remote control of the system by generating connection codes, file uploads and downloads, and obfuscation. These actions could allow unauthorized access to sensitive information or remote manipulation of the system.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "95b4b100eae0bd8d8b1d4a439c713c11286796c1c07beaa4cc0749305ead3307",
            "import_time": "2025-03-19T14:42:00Z",
            "versions": [
                "1.0.1"
            ],
            "source": "oracle-using-macaron",
            "modified_time": "2025-03-19T14:42:00Z"
        }
    ]
}

References

Credits

- Oracle using Macaron - FINDER
- - https://github.com/oracle/macaron

Affected packages

PyPI / blackspammerbd-bsb

Package

Name: blackspammerbd-bsb; View open source insights on deps.dev
Purl: pkg:pypi/blackspammerbd-bsb

Affected ranges

Affected versions

1.*

1.0.1