MAL-2025-2596

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/blackspammerbd-v1/MAL-2025-2596.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-2596

Published

2025-03-19T14:42:00Z

Modified

2025-03-19T14:42:00Z

Summary

Malicious code in blackspammerbd-v1 (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: oracle-using-macaron (d696247c09031d2d4a82b6ec26822f3282f859aeaed36b9ef8a1c42c3f255c19)

The package performs data exfiltration and remote control of the system by generating connection codes, enabling file uploads and downloads, and obfuscation. These actions could allow unauthorized access to sensitive information or remote manipulation of the system.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "d696247c09031d2d4a82b6ec26822f3282f859aeaed36b9ef8a1c42c3f255c19",
            "source": "oracle-using-macaron",
            "modified_time": "2025-03-19T14:42:00Z",
            "import_time": "2025-03-19T14:42:00Z",
            "versions": [
                "1.0.1"
            ]
        }
    ]
}

References

Credits

- Oracle using Macaron - FINDER
- - https://github.com/oracle/macaron

Affected packages

PyPI / blackspammerbd-v1

Package

Name: blackspammerbd-v1; View open source insights on deps.dev
Purl: pkg:pypi/blackspammerbd-v1

Affected ranges

Affected versions

1.*

1.0.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/blackspammerbd-v1/MAL-2025-2596.json"