MAL-2025-47747

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/binance-sdk-ebate/MAL-2025-47747.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47747
Published
2025-08-18T19:44:10Z
Modified
2026-03-19T12:51:09.904896Z
Summary
Malicious code in binance-sdk-ebate (PyPI)
Details

Source: kam193 (43db9ff01b53b59066c74bb7571e281c1364444174851bd25c272e8fd7f3f503)

Example of a typosquatting package, using localhost as the exfiltration target, which makes it rather safe. The package targets a typo in the Binance documentation: https://github.com/binance/binance-connector-python/blob/f1703c54c3059423a8568b2300597210b19b938e/clients/rebate/docs/migrationguiderebate_sdk.md


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, such as the IP address or username. This carries limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "10.0.0"
            ],
            "sha256": "8c6df72dfa3549c1d5f204b74c7ddea64781cedd2b93ee103698a72b587e1301",
            "modified_time": "2025-09-26T09:13:45Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-04746",
            "import_time": "2025-09-26T11:05:31.285364324Z"
        },
        {
            "versions": [
                "10.0.0"
            ],
            "sha256": "00215dfec61ee883c8bdcaf36ceda21926774db797421144e2cb673eb30956f7",
            "modified_time": "2025-08-18T19:44:10.239927Z",
            "source": "kam193",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/binance-sdk-ebate",
            "import_time": "2025-12-02T22:30:55.885812958Z"
        },
        {
            "versions": [
                "10.0.0"
            ],
            "sha256": "43db9ff01b53b59066c74bb7571e281c1364444174851bd25c272e8fd7f3f503",
            "modified_time": "2025-08-18T19:44:10.239927Z",
            "source": "kam193",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/binance-sdk-ebate",
            "import_time": "2025-12-02T23:07:19.069863061Z"
        },
        {
            "sha256": "a85059f412b3df3d86b1d2905b67aaf4e1e3d1f2b0585171a44f598a5106011d",
            "modified_time": "2026-03-18T12:11:55Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00148",
            "import_time": "2026-03-19T12:19:29.458426902Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / binance-sdk-ebate

Package

Name
binance-sdk-ebate
Purl
pkg:pypi/binance-sdk-ebate

Affected ranges

Affected versions

10.*
10.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/binance-sdk-ebate/MAL-2025-47747.json"