-= Per source details. Do not edit below this line.=-
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages that look like typical pentest packages, as well as anything that looks like testing, exploration of pre-prepared kits, research and the like, with clearly low potential for harm.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, such as the IP address or username. The risk is limited.
The package overrides the install command in setup.py to execute malicious code during installation.
{
"malicious-packages-origins": [
{
"versions": [
"7.0.0",
"8.0.0"
],
"id": "RLMA-2025-04813",
"modified_time": "2025-09-26T09:14:41Z",
"import_time": "2025-09-26T11:05:36.074682178Z",
"sha256": "488190f06a9c8848fcd78f701b5057e23613422efa2fb60226bcf62040ab5794",
"source": "reversing-labs"
},
{
"versions": [
"7.0.0",
"6.0.0",
"8.0.0"
],
"id": "pypi/GENERIC-standard-pypi-install-pentest/titifel-pyip",
"modified_time": "2025-08-15T17:53:24.213599Z",
"import_time": "2025-12-02T22:30:56.460379392Z",
"sha256": "30e6c2e5868548463e11674303622528dd91a35b2054d3eea449624364558bd6",
"source": "kam193"
},
{
"versions": [
"7.0.0",
"6.0.0",
"8.0.0"
],
"id": "pypi/GENERIC-standard-pypi-install-pentest/titifel-pyip",
"modified_time": "2025-08-15T17:53:24.213599Z",
"import_time": "2025-12-02T23:07:19.644237982Z",
"sha256": "db04496b1d3e7bb6d0e4f13530466504551bf243744fb5f0748195d38a11b0f3",
"source": "kam193"
},
{
"versions": [
"6.0.0",
"7.0.0",
"8.0.0"
],
"id": "pypi/GENERIC-standard-pypi-install-pentest/titifel-pyip",
"modified_time": "2025-08-15T17:53:24.213599Z",
"import_time": "2025-12-30T22:39:04.360617119Z",
"sha256": "e87ccd5be9e1b14985a195aa45d21bb87071f94700959587b815d6335c723b59",
"source": "kam193"
},
{
"id": "RLUA-2026-00826",
"modified_time": "2026-03-18T12:19:32Z",
"import_time": "2026-03-19T12:20:34.213105324Z",
"sha256": "546dd95ce05502aa89042eaeae18e7946e3f64234ffe82eca3e78416dedcd967",
"source": "reversing-labs"
}
]
}