-= Per source details. Do not edit below this line.=-
The obfuscated code provides an "initialize_session" function that exfiltrates the provided argument.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-09-mevguard
Reasons (based on the campaign):
action-hidden-in-lib-usage
exfiltration-generic
obfuscation
{
"malicious-packages-origins": [
{
"versions": [
"0.1.5"
],
"id": "RLMA-2025-04792",
"modified_time": "2025-09-26T09:14:16Z",
"import_time": "2025-09-26T11:05:34.771542276Z",
"sha256": "7db87052a760fd4771fa88e1ded1e213c9f269d75db556b0ac8caf2c36d9772e",
"source": "reversing-labs"
},
{
"versions": [
"0.1.5"
],
"id": "pypi/2025-09-mevguard/mevguard",
"modified_time": "2025-09-14T13:24:21.500575Z",
"import_time": "2025-12-02T22:30:55.337524901Z",
"sha256": "18d6f63d91515fac38b8dd7d9cbf6e0714839c1eb8cdb464b79b3839c0958dd1",
"source": "kam193"
},
{
"versions": [
"0.1.5"
],
"id": "pypi/2025-09-mevguard/mevguard",
"modified_time": "2025-09-14T13:24:21.500575Z",
"import_time": "2025-12-02T23:07:18.366603188Z",
"sha256": "46b2aa8c02569ef9c6bab8214553d7af8d7e1c1f3499324654bb30870832f6f5",
"source": "kam193"
},
{
"id": "RLUA-2026-00518",
"modified_time": "2026-03-18T12:16:04Z",
"import_time": "2026-03-19T12:20:04.266471545Z",
"sha256": "867a04c19924731e7a29e9d6d3a3530fcbe5cff0ca7d85fbda4685c184685ab4",
"source": "reversing-labs"
}
]
}