MAL-2025-3004
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/systoring/MAL-2025-3004.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-3004
- Published
- 2025-02-13T13:18:05Z
- Modified
- 2026-03-19T12:57:12.207535Z
- Summary
- Malicious code in systoring (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (5be790277882f23120bae2ed3979650349878074f8d3d10f869d726fa106160f)
Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different innocent-looking names.
The campaign contains the with Infostealer itself and packages that include it as dependency and triggered.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-02-multis
Reasons (based on the campaign):
infostealer
The malicious code is intentionally included in a dependency of the package
- Database specific
{ "malicious-packages-origins": [ { "id": "RLMA-2025-02003", "import_time": "2025-03-31T07:07:06.91570307Z", "sha256": "7c318d092e4c5b40f87820451043fbaec4808afba5e93709d4ce1ed405f01d38", "source": "reversing-labs", "modified_time": "2025-03-28T13:06:21Z", "versions": [ "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10" ] }, { "id": "pypi/2025-02-multis/systoring", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:55.623568808Z", "sha256": "8fc117ab38f0c3fb09e1481d5a4f921bcbf0c87d1765530cdccc9f384a003902", "source": "kam193", "modified_time": "2025-02-13T13:18:05Z" }, { "id": "pypi/2025-02-multis/systoring", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:18.664546697Z", "sha256": "5be790277882f23120bae2ed3979650349878074f8d3d10f869d726fa106160f", "source": "kam193", "modified_time": "2025-02-13T13:18:05Z" }, { "id": "pypi/2025-02-multis/systoring", "import_time": "2025-12-10T21:38:57.852724663Z", "sha256": "46e40ebd6cec3d9715aa0b69017ba338670ff6f10d15799efa5955d1e653cf6e", "source": "kam193", "modified_time": "2025-02-13T13:18:05Z", "versions": [ "0.1.1", "0.1.3", "0.1.2", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10" ] }, { "id": "pypi/2025-02-multis/systoring", "import_time": "2025-12-30T22:39:04.193371726Z", "sha256": "3fd0a128d068d845fa7fa32379a50d9bbc3914a3f60808ec52298f807e3d9335", "source": "kam193", "modified_time": "2025-02-13T13:18:05Z", "versions": [ "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10" ] }, { "id": "RLUA-2026-00797", "import_time": "2026-03-19T12:20:31.525951398Z", "sha256": "e3b4d0a271a555ab55e8ae60c40d4fa2b85d2f8b1c28978b43309bfeb64626ba", "source": "reversing-labs", "modified_time": "2026-03-18T12:19:13Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / systoring
Package
- Name
- systoring
- View open source insights on deps.dev
- Purl
- pkg:pypi/systoring