MAL-2025-4526
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/caixaequ2ahzoop/MAL-2025-4526.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-4526
- Published
- 2025-05-27T14:52:36Z
- Modified
- 2025-12-12T20:34:14.463100Z
- Summary
- Malicious code in caixaequ2ahzoop (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (da1d699d5d12de135ae0da4180622e30084a77fd76ee5cd36fe5667ce14c4bbe)
Obfuscated code gets a command from the remote target and executes it. At the time of the test, it was just "whoami". Thus, it's rather just an experiment
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2025-05-caixaequ2ahzoop
Reasons (based on the campaign):
obfuscation
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
Source: ossf-package-analysis (82f9967b944983f117b085820df45222a6d7e6cfd130081af546f52071f9e21d)
The OpenSSF Package Analysis project identified 'caixaequ2ahzoop' @ 2.0.0 (pypi) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2025-05-27T14:52:36Z", "versions": [ "2.0.0" ], "sha256": "82f9967b944983f117b085820df45222a6d7e6cfd130081af546f52071f9e21d", "source": "ossf-package-analysis", "import_time": "2025-05-28T02:35:47.412678282Z" }, { "modified_time": "2025-05-27T15:06:15Z", "versions": [ "2.0.1" ], "sha256": "d1dea941c248c1d64b68f80e89ff01f645683d7b5d8ec260709e4f43191fb222", "source": "ossf-package-analysis", "import_time": "2025-05-28T02:35:47.502811603Z" }, { "modified_time": "2025-05-28T01:52:43Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "sha256": "9545f83711d0d85c5530e296ec6ef300f8785f643cdc77efc3ca7c7e2a486002", "id": "pypi/2025-05-caixaequ2ahzoop/caixaequ2ahzoop", "source": "kam193", "import_time": "2025-12-02T22:30:55.928509781Z" }, { "modified_time": "2025-05-28T01:52:43Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "sha256": "da1d699d5d12de135ae0da4180622e30084a77fd76ee5cd36fe5667ce14c4bbe", "id": "pypi/2025-05-caixaequ2ahzoop/caixaequ2ahzoop", "source": "kam193", "import_time": "2025-12-02T23:07:19.11853038Z" }, { "modified_time": "2025-05-28T01:52:43Z", "versions": [ "2.0.0", "2.0.1" ], "sha256": "8bc44605b08b6de7f77947a3a750f4b38145f3f1e6bd9075d1cd269489d4f9c4", "id": "pypi/2025-05-caixaequ2ahzoop/caixaequ2ahzoop", "source": "kam193", "import_time": "2025-12-10T21:38:58.252250813Z" } ], "iocs": { "domains": [ "d3gnpasobcdyif.cloudfront.net" ] } }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
PyPI / caixaequ2ahzoop
Package
- Name
- caixaequ2ahzoop
- View open source insights on deps.dev
- Purl
- pkg:pypi/caixaequ2ahzoop