MAL-2025-41688

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/iamenumerate/MAL-2025-41688.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-41688

Published

2025-08-14T23:01:46Z

Modified

2026-03-19T12:54:05.077506Z

Summary

Malicious code in iamenumerate (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (d673b2612401a11ff219f59a9ca15986b4ce10d098f08d4beb5fbc9dc79ec554)

This one package is clearly created as part of the campaign, but the malicious code from the previous version has been removed (no other changes). It is anyway dangerous as most probably will be updated with the malicious code later

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-aws-enumerate

Reasons (based on the campaign):

exfiltration-generic
action-hidden-in-lib-usage
exfiltration-credentials

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "fc45e73b0a04b297209ed1bb954d79f1b6547c15b4c6a22391d2c516cf4fcf33",
            "source": "reversing-labs",
            "modified_time": "2025-08-28T07:11:11Z",
            "id": "RLMA-2025-04180",
            "versions": [
                "1.0.0"
            ],
            "import_time": "2025-08-29T06:41:45.7241062Z"
        },
        {
            "sha256": "b852c726e1c63be7486fee4fcd0a140260ab125b743c70f724b3e84e4f0a4798",
            "source": "reversing-labs",
            "modified_time": "2025-09-26T09:14:03Z",
            "id": "RLUA-2025-04775",
            "versions": [
                "1.0.1"
            ],
            "import_time": "2025-09-26T11:06:10.151490423Z"
        },
        {
            "sha256": "f4f5b1e48d097fa6d8fcd93493dbf2d2c2c34ea4bcff0c2294a6488ed19da3aa",
            "source": "kam193",
            "modified_time": "2025-08-25T07:46:08.612646Z",
            "id": "pypi/2025-08-aws-enumerate/iamenumerate",
            "versions": [
                "1.0.0",
                "1.0.1"
            ],
            "import_time": "2025-12-02T22:30:55.267906651Z"
        },
        {
            "sha256": "d673b2612401a11ff219f59a9ca15986b4ce10d098f08d4beb5fbc9dc79ec554",
            "source": "kam193",
            "modified_time": "2025-08-25T07:46:08.612646Z",
            "id": "pypi/2025-08-aws-enumerate/iamenumerate",
            "versions": [
                "1.0.0",
                "1.0.1"
            ],
            "import_time": "2025-12-02T23:07:18.292241226Z"
        },
        {
            "sha256": "73a324841548bbb575a481ab8259fdf3e6386cbf162c578370c912759c134f99",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:14:55Z",
            "id": "RLUA-2026-00418",
            "import_time": "2026-03-19T12:19:54.356792477Z"
        }
    ],
    "iocs": {
        "domains": [
            "api.aliyun-sdk-requests.xyz",
            "aliyun-sdk-requests.xyz"
        ],
        "urls": [
            "https://api.aliyun-sdk-requests.xyz/aws",
            "https://github.com/kohlersbtuh15/accesskey_tools"
        ]
    }
}

References

https://bad-packages.kam193.eu/pypi/package/iamenumerate

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / iamenumerate

Package

Name: iamenumerate; View open source insights on deps.dev
Purl: pkg:pypi/iamenumerate

Affected ranges

Affected versions

1.*

1.0.0

1.0.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/iamenumerate/MAL-2025-41688.json"