MAL-2025-47787

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mevguard/MAL-2025-47787.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47787
Published
2025-09-14T13:24:21Z
Modified
2026-03-19T12:54:55.321007Z
Summary
Malicious code in mevguard (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (46b2aa8c02569ef9c6bab8214553d7af8d7e1c1f3499324654bb30870832f6f5)

The obfuscated code provides "initialize_session" function that exfiltrates the provided argument.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-09-mevguard

Reasons (based on the campaign):

  • action-hidden-in-lib-usage

  • exfiltration-generic

  • obfuscation

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.5"
            ],
            "id": "RLMA-2025-04792",
            "modified_time": "2025-09-26T09:14:16Z",
            "import_time": "2025-09-26T11:05:34.771542276Z",
            "sha256": "7db87052a760fd4771fa88e1ded1e213c9f269d75db556b0ac8caf2c36d9772e",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "0.1.5"
            ],
            "id": "pypi/2025-09-mevguard/mevguard",
            "modified_time": "2025-09-14T13:24:21.500575Z",
            "import_time": "2025-12-02T22:30:55.337524901Z",
            "sha256": "18d6f63d91515fac38b8dd7d9cbf6e0714839c1eb8cdb464b79b3839c0958dd1",
            "source": "kam193"
        },
        {
            "versions": [
                "0.1.5"
            ],
            "id": "pypi/2025-09-mevguard/mevguard",
            "modified_time": "2025-09-14T13:24:21.500575Z",
            "import_time": "2025-12-02T23:07:18.366603188Z",
            "sha256": "46b2aa8c02569ef9c6bab8214553d7af8d7e1c1f3499324654bb30870832f6f5",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00518",
            "modified_time": "2026-03-18T12:16:04Z",
            "import_time": "2026-03-19T12:20:04.266471545Z",
            "sha256": "867a04c19924731e7a29e9d6d3a3530fcbe5cff0ca7d85fbda4685c184685ab4",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / mevguard

Package

Affected ranges

Affected versions

0.*
0.1.5

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mevguard/MAL-2025-47787.json"