MAL-2025-41667
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dsodelib/MAL-2025-41667.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-41667
- Published
- 2025-08-03T18:01:42Z
- Modified
- 2026-03-19T12:52:45.961612Z
- Summary
- Malicious code in dsodelib (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (b3646fafa7dac849bdfcdc6c760d037132c5231f61a87721b2a433992a3d3639)
Package is runs an Infostealer targeting telegram and Discord credentials. Depending on version, the infostealer is either downloaded from an URL or embedded in the package
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-08-dsidelib
Reasons (based on the campaign):
infostealer
Downloads and executes a remote malicious script.
exfiltration-browser-data
target:telegram
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2025-08-28T07:11:01Z", "source": "reversing-labs", "import_time": "2025-08-29T06:41:43.335787126Z", "id": "RLMA-2025-04159", "versions": [ "1.1.0" ], "sha256": "6b27710688625d2ed15e6938c7b02f16eb32889d561d3df42b9e1cf0e028c5f9" }, { "sha256": "337f51985af86ea5dd8c09c2b68c3e00de2ec5fb2bed214186690b41aac6f60b", "source": "kam193", "import_time": "2025-12-02T22:30:55.116115195Z", "id": "pypi/2025-08-dsidelib/dsodelib", "modified_time": "2025-08-03T18:01:42.73525Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "sha256": "b3646fafa7dac849bdfcdc6c760d037132c5231f61a87721b2a433992a3d3639", "source": "kam193", "import_time": "2025-12-02T23:07:18.127780461Z", "id": "pypi/2025-08-dsidelib/dsodelib", "modified_time": "2025-08-03T18:01:42.73525Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "modified_time": "2025-08-03T18:01:42.73525Z", "source": "kam193", "import_time": "2025-12-10T21:38:57.412203Z", "id": "pypi/2025-08-dsidelib/dsodelib", "versions": [ "1.1.0" ], "sha256": "aa9a11e54568e85bb542ed0d2532c054eec9bea35998bfb112a3f7688c5d66b7" }, { "source": "reversing-labs", "import_time": "2026-03-19T12:19:41.956830937Z", "id": "RLUA-2026-00285", "modified_time": "2026-03-18T12:13:27Z", "sha256": "b5520149f77fc0222db00c867c71c795a618edbc0479610efcdff9cfb07375df" } ], "iocs": { "urls": [ "https://raw.githubusercontent.com/hellyth1337/dfree/main/crasherBypass.py", "https://discord.com/api/webhooks/1400046440088342641/SDsNfGaWeR9dpGIfRUzHGZPBboYzcUqY2gQBhCXpc9eWmRhknG0QQGkcXWaFle-9J5U6" ] } }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / dsodelib
Package
- Name
- dsodelib
- View open source insights on deps.dev
- Purl
- pkg:pypi/dsodelib