MAL-2025-41666

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dsidelib/MAL-2025-41666.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-41666
Published
2025-08-03T16:49:34Z
Modified
2026-03-19T12:52:48.460777Z
Summary
Malicious code in dsidelib (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (5bd949196aad0e516b6c21fb6c9fc50ac76f93ca87d94490d53e3b367401df7b)

Package is runs an Infostealer targeting telegram and Discord credentials. Depending on version, the infostealer is either downloaded from an URL or embedded in the package


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-dsidelib

Reasons (based on the campaign):

  • infostealer

  • Downloads and executes a remote malicious script.

  • exfiltration-browser-data

  • target:telegram

Database specific
{
    "iocs": {
        "urls": [
            "https://raw.githubusercontent.com/hellyth1337/dfree/main/crasherBypass.py",
            "https://discord.com/api/webhooks/1400046440088342641/SDsNfGaWeR9dpGIfRUzHGZPBboYzcUqY2gQBhCXpc9eWmRhknG0QQGkcXWaFle-9J5U6"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.2.0",
                "0.3.0",
                "0.4.0",
                "1.0.0",
                "1.1.0",
                "1.2.0",
                "1.3.0",
                "2.0"
            ],
            "id": "RLMA-2025-04158",
            "modified_time": "2025-08-28T07:11:00Z",
            "import_time": "2025-08-29T06:41:43.243145891Z",
            "sha256": "e9e2cf7cb2a305bb54858e7b6d976bd8de7182064c2c56e03f61542572dc4495",
            "source": "reversing-labs"
        },
        {
            "id": "pypi/2025-08-dsidelib/dsidelib",
            "modified_time": "2025-08-03T16:49:34.904137Z",
            "import_time": "2025-12-02T22:30:55.115324458Z",
            "sha256": "ca43db239f71150cdb1487144d1749cd199126f3072bfae5a37982f69bb675b1",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "id": "pypi/2025-08-dsidelib/dsidelib",
            "modified_time": "2025-08-03T16:49:34.904137Z",
            "import_time": "2025-12-02T23:07:18.126819236Z",
            "sha256": "5bd949196aad0e516b6c21fb6c9fc50ac76f93ca87d94490d53e3b367401df7b",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.2.0",
                "0.3.0",
                "0.4.0",
                "0.5.0",
                "0.6.0",
                "0.7.0",
                "0.8.0",
                "0.9.0",
                "1.3.0",
                "2.0",
                "1.2.0",
                "1.1.0",
                "1.0.0"
            ],
            "id": "pypi/2025-08-dsidelib/dsidelib",
            "modified_time": "2025-08-03T16:49:34.904137Z",
            "import_time": "2025-12-10T21:38:57.41143611Z",
            "sha256": "76bdef8c535c10bb95fe0ef65eea42cc2e709b8093847af2ff54b66bf1c57fdd",
            "source": "kam193"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.2.0",
                "0.3.0",
                "0.4.0",
                "0.5.0",
                "0.6.0",
                "0.7.0",
                "0.8.0",
                "0.9.0",
                "1.0.0",
                "1.1.0",
                "1.2.0",
                "1.3.0",
                "2.0"
            ],
            "id": "pypi/2025-08-dsidelib/dsidelib",
            "modified_time": "2025-08-03T16:49:34.904137Z",
            "import_time": "2025-12-30T22:39:04.076706852Z",
            "sha256": "2450c157ad56e5ea450e51f904efaa7796eb38db61e1824d55a9395ecb26af3d",
            "source": "kam193"
        },
        {
            "versions": [
                "0.6.0",
                "0.5.0",
                "0.7.0",
                "0.8.0",
                "0.9.0"
            ],
            "id": "RLUA-2026-00284",
            "modified_time": "2026-03-18T12:13:26Z",
            "import_time": "2026-03-19T12:19:41.877288109Z",
            "sha256": "1b882a6b7eab0aed4a54e99c2d41a3893c781400e096e34c1ddc14bf82f4ecb7",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / dsidelib

Package

Affected ranges

Affected versions

0.*
0.1.0
0.1.1
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
1.*
1.0.0
1.1.0
1.2.0
1.3.0
2.*
2.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dsidelib/MAL-2025-41666.json"