MAL-2025-47803

Import Source: https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/titifel-pyip/MAL-2025-47803.json
JSON Data: https://api.osv.dev/v1/vulns/MAL-2025-47803
Published: 2025-08-15T17:10:10Z
Modified: 2026-03-19T12:57:32.777367Z
Summary: Malicious code in titifel-pyip (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (db04496b1d3e7bb6d0e4f13530466504551bf243744fb5f0748195d38a11b0f3)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "7.0.0",
                "8.0.0"
            ],
            "id": "RLMA-2025-04813",
            "modified_time": "2025-09-26T09:14:41Z",
            "import_time": "2025-09-26T11:05:36.074682178Z",
            "sha256": "488190f06a9c8848fcd78f701b5057e23613422efa2fb60226bcf62040ab5794",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "7.0.0",
                "6.0.0",
                "8.0.0"
            ],
            "id": "pypi/GENERIC-standard-pypi-install-pentest/titifel-pyip",
            "modified_time": "2025-08-15T17:53:24.213599Z",
            "import_time": "2025-12-02T22:30:56.460379392Z",
            "sha256": "30e6c2e5868548463e11674303622528dd91a35b2054d3eea449624364558bd6",
            "source": "kam193"
        },
        {
            "versions": [
                "7.0.0",
                "6.0.0",
                "8.0.0"
            ],
            "id": "pypi/GENERIC-standard-pypi-install-pentest/titifel-pyip",
            "modified_time": "2025-08-15T17:53:24.213599Z",
            "import_time": "2025-12-02T23:07:19.644237982Z",
            "sha256": "db04496b1d3e7bb6d0e4f13530466504551bf243744fb5f0748195d38a11b0f3",
            "source": "kam193"
        },
        {
            "versions": [
                "6.0.0",
                "7.0.0",
                "8.0.0"
            ],
            "id": "pypi/GENERIC-standard-pypi-install-pentest/titifel-pyip",
            "modified_time": "2025-08-15T17:53:24.213599Z",
            "import_time": "2025-12-30T22:39:04.360617119Z",
            "sha256": "e87ccd5be9e1b14985a195aa45d21bb87071f94700959587b815d6335c723b59",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00826",
            "modified_time": "2026-03-18T12:19:32Z",
            "import_time": "2026-03-19T12:20:34.213105324Z",
            "sha256": "546dd95ce05502aa89042eaeae18e7946e3f64234ffe82eca3e78416dedcd967",
            "source": "reversing-labs"
        }
    ]
}

Affected packages

PyPI / titifel-pyip

Affected versions

6.*
6.0.0
7.*
7.0.0
8.*
8.0.0

Database specific

source: "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/titifel-pyip/MAL-2025-47803.json"