MAL-2025-47510

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/vielcord/MAL-2025-47510.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47510
Published
2025-09-22T02:12:23Z
Modified
2025-12-03T00:36:21.577069Z
Summary
Malicious code in vielcord (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (4663c6d9af6fa1feac7fd1719e4ff1a729bc8297eec7ce927a13804d475d2c8b)

During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-09-gtts-lts

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • action-hidden-in-lib-usage

Source: oracle-using-macaron (f35b1416b7e82dbedf8d0f943973c7f2c4af1ebd85f2a69ebd582f6c4d58f60e)

This package is designed to typosquat veilcord. When imported, it automatically decodes and executes a hidden payload.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "f35b1416b7e82dbedf8d0f943973c7f2c4af1ebd85f2a69ebd582f6c4d58f60e",
            "versions": [
                "0.0.7.5"
            ],
            "import_time": "2025-09-22T02:12:23Z",
            "modified_time": "2025-09-22T02:12:23Z",
            "source": "oracle-using-macaron"
        },
        {
            "sha256": "a2cdbade2ade551e1b920eddd48c3586f09155ed000f3fd38ad38094b167be06",
            "id": "pypi/2025-09-gtts-lts/vielcord",
            "import_time": "2025-12-02T22:30:55.71359786Z",
            "modified_time": "2025-09-24T18:43:02.726948Z",
            "versions": [
                "0.0.7.5"
            ],
            "source": "kam193"
        },
        {
            "sha256": "4663c6d9af6fa1feac7fd1719e4ff1a729bc8297eec7ce927a13804d475d2c8b",
            "id": "pypi/2025-09-gtts-lts/vielcord",
            "import_time": "2025-12-02T23:07:18.753174914Z",
            "modified_time": "2025-09-24T18:43:02.726948Z",
            "versions": [
                "0.0.7.5"
            ],
            "source": "kam193"
        }
    ],
    "iocs": {
        "urls": [
            "https://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/meow.bin",
            "https://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/shell.exe"
        ]
    }
}
References
Credits

Affected packages

PyPI / vielcord

Package

Affected ranges

Affected versions

0.*
0.0.7.5

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/vielcord/MAL-2025-47510.json"