MAL-2025-47802

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/testt-test/MAL-2025-47802.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47802
Published
2025-08-30T17:44:57Z
Modified
2026-03-19T12:57:20.763545Z
Summary
Malicious code in testt-test (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (05bfc8616802c80804de7998c57d6b1f62deff849f9d3545b0775edfcd0de264)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.2",
                "9.1.3",
                "99.0.1"
            ],
            "id": "RLMA-2025-04812",
            "modified_time": "2025-09-26T09:14:41Z",
            "import_time": "2025-09-26T11:05:35.998690184Z",
            "sha256": "e0f4204db839fa47f3d8716648c68973831be4d84ebbac8905801ee856acfdc9",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "99.0.1",
                "9.1.3",
                "1.0.2"
            ],
            "id": "pypi/GENERIC-standard-pypi-install-pentest/testt-test",
            "modified_time": "2025-08-30T17:44:57.425306Z",
            "import_time": "2025-12-02T22:30:56.451573705Z",
            "sha256": "ae5c6866f6b5709adfcc4c703d80e4b78438e4278ecc2d6797b1477c646b3419",
            "source": "kam193"
        },
        {
            "versions": [
                "99.0.1",
                "9.1.3",
                "1.0.2"
            ],
            "id": "pypi/GENERIC-standard-pypi-install-pentest/testt-test",
            "modified_time": "2025-08-30T17:44:57.425306Z",
            "import_time": "2025-12-02T23:07:19.635500351Z",
            "sha256": "05bfc8616802c80804de7998c57d6b1f62deff849f9d3545b0775edfcd0de264",
            "source": "kam193"
        },
        {
            "versions": [
                "1.0.2",
                "9.1.3",
                "99.0.1"
            ],
            "id": "pypi/GENERIC-standard-pypi-install-pentest/testt-test",
            "modified_time": "2025-08-30T17:44:57.425306Z",
            "import_time": "2025-12-30T22:39:04.358487788Z",
            "sha256": "e3e0756cee3997a64425dcb3b3936cb3001413457babfb9beb4be7c7f2d37265",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00813",
            "modified_time": "2026-03-18T12:19:24Z",
            "import_time": "2026-03-19T12:20:32.938890991Z",
            "sha256": "6ac0ba0de12962897e6e5038b3227d3b003655443a57a425d386f5017dd41416",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / testt-test

Package

Affected ranges

Affected versions

1.*
1.0.2
9.*
9.1.3
99.*
99.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/testt-test/MAL-2025-47802.json"