MAL-2025-47782

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/learning-pypi-demo-nisimi/MAL-2025-47782.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47782
Published
2025-09-03T15:52:06Z
Modified
2026-03-19T12:54:26.736755Z
Summary
Malicious code in learning-pypi-demo-nisimi (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (0b3a0d62b36ae3a2e643a327b7cf5b88366d4a8a89381eca570f34c453f1eaf4)

Installing packages exfiltrates data (different in different packages and versions) or run revshells

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-learning-pypi-demo-nisimi

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

  • exfiltration-generic

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "f78aa0ac3b04117deb9aaced3f1835eb9808d5d61bcc87307d5e22dc2a8afe13",
            "source": "reversing-labs",
            "modified_time": "2025-09-26T09:14:13Z",
            "id": "RLMA-2025-04786",
            "versions": [
                "0.1.3"
            ],
            "import_time": "2025-09-26T11:05:34.418036044Z"
        },
        {
            "sha256": "1d26619fa2d91e8e6f4a3a00f9a29c07bb819775b4aadc60833a511514622d0d",
            "source": "kam193",
            "modified_time": "2025-09-03T15:52:06.224035Z",
            "id": "pypi/2025-08-learning-pypi-demo-nisimi/learning-pypi-demo-nisimi",
            "versions": [
                "0.1.5",
                "0.1.4",
                "0.1.3",
                "0.1.2",
                "0.1.1",
                "0.1.0"
            ],
            "import_time": "2025-12-02T22:30:55.308567896Z"
        },
        {
            "sha256": "0b3a0d62b36ae3a2e643a327b7cf5b88366d4a8a89381eca570f34c453f1eaf4",
            "source": "kam193",
            "modified_time": "2025-09-03T15:52:06.224035Z",
            "id": "pypi/2025-08-learning-pypi-demo-nisimi/learning-pypi-demo-nisimi",
            "versions": [
                "0.1.5",
                "0.1.4",
                "0.1.3",
                "0.1.2",
                "0.1.1",
                "0.1.0"
            ],
            "import_time": "2025-12-02T23:07:18.334801013Z"
        },
        {
            "sha256": "cf9e1284f254bedf04369748f9c57172eeed9e889fbab2ba389e0fd36c713109",
            "source": "kam193",
            "modified_time": "2025-09-03T15:52:06.224035Z",
            "id": "pypi/2025-08-learning-pypi-demo-nisimi/learning-pypi-demo-nisimi",
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.1.2",
                "0.1.3",
                "0.1.4",
                "0.1.5"
            ],
            "import_time": "2025-12-30T22:39:04.118898761Z"
        },
        {
            "sha256": "cc6778eeb77d412dd98314ebd3483005dd78a3952fb9b5f8293ef81a27be7237",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:15:34Z",
            "id": "RLUA-2026-00467",
            "versions": [
                "0.1.4",
                "0.1.5",
                "0.1.2",
                "0.1.0",
                "0.1.1"
            ],
            "import_time": "2026-03-19T12:19:59.222687108Z"
        }
    ],
    "iocs": {
        "domains": [
            "evduuu5l01di1hdn9i5qslhxzo5ft6ju8.oastify.com",
            "xz0dyd944kh150h6d199w4lg379yx0lp.oastify.com",
            "v95b8bj2eirzfyr4nzj762ved5jw71vq.oastify.com"
        ]
    }
}
References
Credits

Affected packages

PyPI / learning-pypi-demo-nisimi

Package

Name
learning-pypi-demo-nisimi
View open source insights on deps.dev
Purl
pkg:pypi/learning-pypi-demo-nisimi

Affected ranges

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/learning-pypi-demo-nisimi/MAL-2025-47782.json"