MAL-2025-49320
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/python-requirements-inspector/MAL-2025-49320.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-49320
- Published
- 2025-11-02T23:10:55Z
- Modified
- 2025-12-31T02:56:22.898597Z
- Summary
- Malicious code in python-requirements-inspector (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (8f26b5cd7ab7cb6a847edc1afec2dc496ac0f0bd3f592f2a98391365298c4fc6)
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
Source: ossf-package-analysis (120f942e828e97f95448695e19e77003953dfc19d2010c361a02e8d62d2efe7e)
The OpenSSF Package Analysis project identified 'python-requirements-inspector' @ 999.0.1 (pypi) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2025-11-02T23:20:56Z", "versions": [ "999.0.1" ], "sha256": "120f942e828e97f95448695e19e77003953dfc19d2010c361a02e8d62d2efe7e", "source": "ossf-package-analysis", "import_time": "2025-11-02T23:34:48.015998315Z" }, { "modified_time": "2025-11-02T23:10:55Z", "versions": [ "999.0.0" ], "sha256": "e6808df80e0d2778ba46ec1c965dba0300ef7864ef4d1b3dbf9b6877a9f18028", "source": "ossf-package-analysis", "import_time": "2025-11-02T23:34:47.742046813Z" }, { "modified_time": "2025-12-01T12:54:54Z", "versions": [ "999.0.0", "999.0.1" ], "sha256": "cc2b5ec947519cc5f4d537180821059db4c8d83050c93d36239acf1a8c71af4e", "id": "RLMA-2025-05629", "source": "reversing-labs", "import_time": "2025-12-02T09:09:39.015746751Z" }, { "modified_time": "2025-11-03T06:19:58.874371Z", "versions": [ "999.0.1", "999.0.0" ], "sha256": "7f0753619f8f552a04b9dcc17080484d476562561f65ad57ac0d307939555510", "id": "pypi/GENERIC-standard-pypi-install-pentest/python-requirements-inspector", "source": "kam193", "import_time": "2025-12-02T22:30:56.347659573Z" }, { "modified_time": "2025-11-03T06:19:58.874371Z", "versions": [ "999.0.1", "999.0.0" ], "sha256": "8f26b5cd7ab7cb6a847edc1afec2dc496ac0f0bd3f592f2a98391365298c4fc6", "id": "pypi/GENERIC-standard-pypi-install-pentest/python-requirements-inspector", "source": "kam193", "import_time": "2025-12-02T23:07:19.539408778Z" }, { "modified_time": "2025-11-03T06:19:58.874371Z", "versions": [ "999.0.0", "999.0.1" ], "sha256": "9f56a5f4c4b84f7fe25aaedbec24051ce3632f14a63d5addd0d0f1cfd384f498", "id": "pypi/GENERIC-standard-pypi-install-pentest/python-requirements-inspector", "source": "kam193", "import_time": "2025-12-30T22:39:04.3392628Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / python-requirements-inspector
Package
- Name
- python-requirements-inspector
- View open source insights on deps.dev
- Purl
- pkg:pypi/python-requirements-inspector