MAL-2025-47762

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/electrum-bch/MAL-2025-47762.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47762
Published
2025-08-23T11:16:26Z
Modified
2026-03-19T12:52:47.445162Z
Summary
Malicious code in electrum-bch (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (8e4c3bb0f735a352c6f4d18865f3a145912c31f6b9da22c48e731e7fe750b1dd)

The modification of https://github.com/spesmilo/electrum (not clear which version or fork) that during usage will exfiltrate files from the current directory, presumably wanting to collect sensitive data.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-electrum-bch

Reasons (based on the campaign):

  • crypto-related

  • action-hidden-in-lib-usage

  • exfiltration-crypto

  • exfiltration-generic

  • clones-real-package

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.3.6",
                "0.3.7",
                "0.3.8",
                "0.3.9"
            ],
            "sha256": "d2bb6f0671f65c17290c09be93e9e37c8619fdd1be42ba85f5e96b63f3645e5d",
            "modified_time": "2025-09-26T09:13:55Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-04763",
            "import_time": "2025-09-26T11:05:32.592233195Z"
        },
        {
            "versions": [
                "0.3.9",
                "0.3.8",
                "0.3.7",
                "0.3.6",
                "0.3.5"
            ],
            "sha256": "709670ac9cef9e8f4a4d2a2e93d9ea07c9892f2237dd309c3294ae84c4d6915a",
            "modified_time": "2025-08-23T11:16:26.305373Z",
            "source": "kam193",
            "id": "pypi/2025-08-electrum-bch/electrum-bch",
            "import_time": "2025-12-02T22:30:55.125312163Z"
        },
        {
            "versions": [
                "0.3.9",
                "0.3.8",
                "0.3.7",
                "0.3.6",
                "0.3.5"
            ],
            "sha256": "8e4c3bb0f735a352c6f4d18865f3a145912c31f6b9da22c48e731e7fe750b1dd",
            "modified_time": "2025-08-23T11:16:26.305373Z",
            "source": "kam193",
            "id": "pypi/2025-08-electrum-bch/electrum-bch",
            "import_time": "2025-12-02T23:07:18.136008125Z"
        },
        {
            "versions": [
                "0.3.5",
                "0.3.6",
                "0.3.7",
                "0.3.8",
                "0.3.9"
            ],
            "sha256": "22c1e1447fff58ea767fecde710b5f63112c0d85e8ab703e7f54ec3db6e0c99f",
            "modified_time": "2025-08-23T11:16:26.305373Z",
            "source": "kam193",
            "id": "pypi/2025-08-electrum-bch/electrum-bch",
            "import_time": "2025-12-30T22:39:04.077760618Z"
        },
        {
            "versions": [
                "0.3.5"
            ],
            "sha256": "aa432205fe76bdee20f45fe50205a4f4ad039d58d789b48c11c52feae8b0d19e",
            "modified_time": "2026-03-18T12:13:30Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00291",
            "import_time": "2026-03-19T12:19:42.553014188Z"
        }
    ],
    "iocs": {
        "ips": [
            "136.243.103.253"
        ],
        "urls": [
            "http://136.243.103.253:8080/upload"
        ]
    }
}
References
Credits

Affected packages

PyPI / electrum-bch

Package

Affected ranges

Affected versions

0.*
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/electrum-bch/MAL-2025-47762.json"