MAL-2025-5112

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discorddox/MAL-2025-5112.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-5112

Published

2025-05-12T20:59:25Z

Modified

2026-03-19T12:52:36.847519Z

Summary

Malicious code in discorddox (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (52f656f62a0fe1e90282cf7e8004bfd78e69a854e5e7a9c33ef72b7e5b43b831)

The package contains an embedded malicious executable (probably blank grabber) started when running the module.

Probably continuation of 2025-05-pydoxing

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-05-telegramdoxing

Reasons (based on the campaign):

infostealer
infostealer:blankgrabber

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2025-03009",
            "import_time": "2025-06-18T15:06:00.971557728Z",
            "sha256": "8f20e1e13eb3beb82587d2a2600323bc893176e78b3ef020ca41c75e04a63b19",
            "source": "reversing-labs",
            "modified_time": "2025-06-18T10:15:09Z",
            "versions": [
                "0.1.8",
                "1.8.8"
            ]
        },
        {
            "id": "pypi/2025-05-telegramdoxing/discorddox",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:55.107377526Z",
            "sha256": "b4c2a07c246c68560539fffa5e862c67358e50b41ef0e1d5060547bf6281d6ac",
            "source": "kam193",
            "modified_time": "2025-05-12T20:59:25Z"
        },
        {
            "id": "pypi/2025-05-telegramdoxing/discorddox",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:18.118624667Z",
            "sha256": "52f656f62a0fe1e90282cf7e8004bfd78e69a854e5e7a9c33ef72b7e5b43b831",
            "source": "kam193",
            "modified_time": "2025-05-12T20:59:25Z"
        },
        {
            "id": "pypi/2025-05-telegramdoxing/discorddox",
            "import_time": "2025-12-10T21:38:57.403698115Z",
            "sha256": "15b3247cdc9971093df59eca596defad5dcaf64905671a595b558b4c8fc4d761",
            "source": "kam193",
            "modified_time": "2025-05-12T20:59:25Z",
            "versions": [
                "0.1.8",
                "1.8.8"
            ]
        },
        {
            "id": "RLUA-2026-00272",
            "import_time": "2026-03-19T12:19:40.824285196Z",
            "sha256": "ec93fe04987030f2fc9ebe288e48e22a0fd265eb51f687844ccce95360e49b25",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:13:18Z"
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / discorddox

Package

Name: discorddox; View open source insights on deps.dev
Purl: pkg:pypi/discorddox

Affected ranges

Affected versions

0.*

0.1.8

1.*

1.8.8

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discorddox/MAL-2025-5112.json"