MAL-2025-47756

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/datetime-zones/MAL-2025-47756.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47756
Published
2025-09-13T21:46:19Z
Modified
2026-03-19T12:52:16.682490Z
Summary
Malicious code in datetime-zones (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (d1a3d123441a30b70e5c3317307e99636ac6d13c589e7fb1ae0253a6aaa96aaf)

During import, environment variables are exfiltrated

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-09-datetime-zones

Reasons (based on the campaign):

  • exfiltration-env-variables
Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2025-04757",
            "modified_time": "2025-09-26T09:13:52Z",
            "sha256": "88dbab1928062d862e8abfd5ab6669ead582a549643e94e31a67f643cd886ae8",
            "versions": [
                "0.2.0",
                "2.3.9"
            ],
            "import_time": "2025-09-26T11:05:32.074412759Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-09-datetime-zones/datetime-zones",
            "modified_time": "2025-09-14T20:13:23.009578Z",
            "sha256": "ba264b5c0145300563416b657d95d26e4857ab607c180212c1b263b80e0f28fe",
            "versions": [
                "0.2.0",
                "0.1.0",
                "2.3.9"
            ],
            "import_time": "2025-12-02T22:30:55.089541413Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-09-datetime-zones/datetime-zones",
            "modified_time": "2025-09-14T20:13:23.009578Z",
            "sha256": "d1a3d123441a30b70e5c3317307e99636ac6d13c589e7fb1ae0253a6aaa96aaf",
            "versions": [
                "0.2.0",
                "0.1.0",
                "2.3.9"
            ],
            "import_time": "2025-12-02T23:07:18.102347049Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-09-datetime-zones/datetime-zones",
            "modified_time": "2025-09-14T20:13:23.009578Z",
            "sha256": "7bff7d04cf0481aa8f2e9e8f427d86b973a80ae2da58284f154a04cabf80c3e0",
            "versions": [
                "0.1.0",
                "0.2.0",
                "2.3.9"
            ],
            "import_time": "2025-12-30T22:39:04.068024371Z"
        },
        {
            "source": "reversing-labs",
            "id": "RLUA-2026-00249",
            "modified_time": "2026-03-18T12:13:05Z",
            "sha256": "3e8849b6f34583e73407bc9d89fe09b6df211ab8cfffd3ac1d778b829ae24589",
            "versions": [
                "0.1.0"
            ],
            "import_time": "2026-03-19T12:19:38.377748099Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / datetime-zones

Package

Name
datetime-zones
View open source insights on deps.dev
Purl
pkg:pypi/datetime-zones

Affected ranges

Affected versions

0.*
0.1.0
0.2.0
2.*
2.3.9

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/datetime-zones/MAL-2025-47756.json"