-= Per source details. Do not edit below this line.=-
The obfuscated code includes, among other things, the capability to download and execute code from a hardcoded location. It is also recognized as malware.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-10-regixtest
Reasons (based on the campaign):
obfuscation
action-hidden-in-lib-usage
Downloads and executes a remote malicious script.
malware
{
"iocs": {
"domains": [
"cxojh-118-179-99-2.a.free.pinggy.link",
"xnrij-118-179-99-2.a.free.pinggy.link"
]
},
"malicious-packages-origins": [
{
"versions": [
"0.1.0",
"0.1.1",
"0.1.2",
"0.1.3",
"0.1.4"
],
"modified_time": "2025-10-23T19:17:02Z",
"sha256": "be8183115c7e3df98800c36287295b44e30a6457baf95f4324af022bbf5d47e4",
"id": "RLMA-2025-05215",
"source": "reversing-labs",
"import_time": "2025-10-27T18:08:49.989937872Z"
},
{
"versions": [
"0.1.4",
"0.1.3",
"0.1.2",
"0.1.1",
"0.1.0"
],
"modified_time": "2025-10-01T06:38:19.337263Z",
"sha256": "eb1666d5e5f9c7c5bb2bfbaf1c95f07ad154bfe1596127f62da8b8349107a5db",
"id": "pypi/2025-10-regixtest/regixtest",
"source": "kam193",
"import_time": "2025-12-02T22:30:55.524782136Z"
},
{
"versions": [
"0.1.4",
"0.1.3",
"0.1.2",
"0.1.1",
"0.1.0"
],
"modified_time": "2025-10-01T06:38:19.337263Z",
"sha256": "5bd4402c3382436a949c662f36088697ac7a3a0fd22e2c91fdf2102231e2392c",
"id": "pypi/2025-10-regixtest/regixtest",
"source": "kam193",
"import_time": "2025-12-02T23:07:18.561615122Z"
},
{
"versions": [
"0.1.0",
"0.1.1",
"0.1.2",
"0.1.3",
"0.1.4"
],
"modified_time": "2025-10-01T06:38:19.337263Z",
"sha256": "6f5d3e60ec1b5684e600480df0fd6dee11c8a0d6ed4985ef10705d9154951fb8",
"id": "pypi/2025-10-regixtest/regixtest",
"source": "kam193",
"import_time": "2025-12-30T22:39:04.155656594Z"
},
{
"modified_time": "2026-03-18T12:18:04Z",
"sha256": "4f2344312262cff9d61a447d9fd8f490873d82951334be092c5750463c15e19e",
"id": "RLUA-2026-00692",
"source": "reversing-labs",
"import_time": "2026-03-19T12:20:21.174173618Z"
}
]
}