MAL-2025-3450

Import Source: https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/logax/MAL-2025-3450.json
JSON Data: https://api.osv.dev/v1/vulns/MAL-2025-3450
Published: 2025-03-18T09:49:12Z
Modified: 2026-03-19T12:54:31.444680Z
Summary: Malicious code in logax (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (e129e6d6d38e21a039bd2190e3138f1381ad386e45a49521621a8b8ad61f7678)

The package is capable of installing malware from a hardcoded URL. The malware is well-recognized and acts as an infostealer. Interestingly, it uses Steam profiles to get the current C2 domain (based on sandbox analysis).


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-03-logax

Reasons (based on the campaign):

  • infostealer

  • malware

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1",
                "1.5",
                "2.4",
                "2.5",
                "2.7",
                "2.9",
                "3.1",
                "3.2",
                "3.4",
                "3.5",
                "3.6",
                "3.7",
                "3.8",
                "3.9",
                "4",
                "4.2",
                "4.3",
                "4.5",
                "4.8",
                "4.9",
                "5",
                "5.2",
                "5.3",
                "5.4",
                "8.3"
            ],
            "sha256": "14dec44fd3afb9745d8838e0570fb0e0db4fd51f3a101e8b065ea53534286f6c",
            "modified_time": "2025-04-23T16:06:27Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-02512",
            "import_time": "2025-04-25T09:36:46.679042013Z"
        },
        {
            "sha256": "2bbac92c2eb7e20fcf7b96dcd2a6e96353d9e5e0cbb7b9de97ec258645995264",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-03-18T09:49:12Z",
            "source": "kam193",
            "id": "pypi/2025-03-logax/logax",
            "import_time": "2025-12-02T22:30:55.313127728Z"
        },
        {
            "sha256": "e129e6d6d38e21a039bd2190e3138f1381ad386e45a49521621a8b8ad61f7678",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-03-18T09:49:12Z",
            "source": "kam193",
            "id": "pypi/2025-03-logax/logax",
            "import_time": "2025-12-02T23:07:18.339785379Z"
        },
        {
            "versions": [
                "1",
                "1.5",
                "2.7",
                "3.8",
                "8.3",
                "3.6",
                "3.7",
                "2.4",
                "3.5",
                "2.5",
                "3.2",
                "2.9",
                "3.1",
                "3.4",
                "3.9",
                "4.0",
                "4.2",
                "4.3",
                "4.5",
                "4.8",
                "4.9",
                "5.2",
                "5.0",
                "5.3",
                "5.4"
            ],
            "sha256": "04e36d292d30c17c677e673242120722d25b56cc1e4c8f11766323e96bcbe2e5",
            "modified_time": "2025-03-18T09:49:12Z",
            "source": "kam193",
            "id": "pypi/2025-03-logax/logax",
            "import_time": "2025-12-10T21:38:57.572528169Z"
        },
        {
            "versions": [
                "1",
                "1.5",
                "2.4",
                "2.5",
                "2.7",
                "2.9",
                "3.1",
                "3.2",
                "3.4",
                "3.5",
                "3.6",
                "3.7",
                "3.8",
                "3.9",
                "4.0",
                "4.2",
                "4.3",
                "4.5",
                "4.8",
                "4.9",
                "5.0",
                "5.2",
                "5.3",
                "5.4",
                "8.3"
            ],
            "sha256": "0828cc74cc0f7033c0bf58055fc419a5f1db7b5f7f5281e640ba0cd7c4cb416d",
            "modified_time": "2025-03-18T09:49:12Z",
            "source": "kam193",
            "id": "pypi/2025-03-logax/logax",
            "import_time": "2025-12-30T22:39:04.12239451Z"
        },
        {
            "sha256": "7efcd8806bb1b3f40893dcfba0dc66b8251397e6a41dd335ca318a116446b599",
            "modified_time": "2026-03-18T12:15:38Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00475",
            "import_time": "2026-03-19T12:19:59.969844807Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://anonfile.io/api/download/rzOy11HD",
            "https://anonfile.io/api/download/iJbMXihN",
            "https://store4.gofile.io/download/web/dcec487f-df79-4ec0-99d1-ac2cc299329a/Saucy.exe",
            "https://steamcommunity.com/profiles/76561199830115115/",
            "https://acerputas.90shipsnormal.site/api/log"
        ],
        "domains": [
            "acerputas.90shipsnormal.site"
        ]
    }
}
References
Credits

Affected packages

PyPI / logax

Package

Affected ranges

Affected versions

Other: 1, 4, 5
1.*: 1.5
2.*: 2.4, 2.5, 2.7, 2.9
3.*: 3.1, 3.2, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9
4.*: 4.0, 4.2, 4.3, 4.5, 4.8, 4.9
5.*: 5.0, 5.2, 5.3, 5.4
8.*: 8.3

Database specific

source: "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/logax/MAL-2025-3450.json"