MAL-2025-48892

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hackerone-app-sdk/MAL-2025-48892.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-48892
Published
2025-09-17T15:17:50Z
Modified
2026-03-19T12:53:36.016758Z
Summary
Malicious code in hackerone-app-sdk (PyPI)
Details


Source: kam193 (7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.

Category: PROBABLY_PENTEST - Packages that look like typical pentest packages, but also anything that looks like testing, exploration of pre-prepared kits, research and the like, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, such as the IP address or username. Its risk is limited.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-10-23T19:16:33Z",
            "versions": [
                "0.18.0",
                "0.19.1"
            ],
            "sha256": "afbe6bddcd85abd24300f735ee11fffa58ee409b2d1297033700b8050ac28bc2",
            "id": "RLMA-2025-05211",
            "source": "reversing-labs",
            "import_time": "2025-10-27T18:08:49.774942659Z"
        },
        {
            "modified_time": "2025-09-17T15:17:50.798404Z",
            "versions": [
                "0.19.1",
                "0.18.0",
                "0.17.0"
            ],
            "sha256": "ec9f5e3b9a5854f28db5438f9967e21b65574188e6872860ed084132f7a97b71",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/hackerone-app-sdk",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:56.083453369Z"
        },
        {
            "modified_time": "2025-09-17T15:17:50.798404Z",
            "versions": [
                "0.19.1",
                "0.18.0",
                "0.17.0"
            ],
            "sha256": "7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/hackerone-app-sdk",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:19.27326304Z"
        },
        {
            "modified_time": "2025-09-17T15:17:50.798404Z",
            "versions": [
                "0.17.0",
                "0.18.0",
                "0.19.1"
            ],
            "sha256": "0cfb46a3c4d57362d8cae555161436c78a9dc673c0daeae0b501faa5c248eca4",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/hackerone-app-sdk",
            "source": "kam193",
            "import_time": "2025-12-30T22:39:04.293894556Z"
        },
        {
            "modified_time": "2026-03-18T12:14:28Z",
            "sha256": "194f5dc3a4b9a652fe0db796a81814f5fbbb5e69b8b96bf8572ad813e9f7c484",
            "id": "RLUA-2026-00372",
            "source": "reversing-labs",
            "import_time": "2026-03-19T12:19:50.265140195Z"
        }
    ]
}

Affected packages

PyPI / hackerone-app-sdk

Package

Name
hackerone-app-sdk
Purl
pkg:pypi/hackerone-app-sdk

Affected ranges

Affected versions

0.*
0.17.0
0.18.0
0.19.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hackerone-app-sdk/MAL-2025-48892.json"