MAL-2025-5654
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/malicus/MAL-2025-5654.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-5654
- Published
- 2025-07-04T11:00:53Z
- Modified
- 2025-12-12T20:42:34.079419Z
- Summary
- Malicious code in malicus (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (d151385056670ff22bfb80dc356c10ff622a77e115f8d81ee5f066220e05fda1)
The only goal of the package is to execute a webhook or a suspicious file during installation.
Closely related to 2025-07-0x9xnx - created after previous packages were quarantined, similar names, similar usage, but no clearly malicious parts.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2025-07-malimalo
Reasons (based on the campaign):
- The package overrides the install command in setup.py to execute malicious code during installation.
Source: ossf-package-analysis (a33ca8f3dec153ea010973822a2919bfa0530325bf4b037096177eb3c6ba9aed)
The OpenSSF Package Analysis project identified 'malicus' @ 0.0.1 (pypi) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2025-07-08T05:39:10.264144376Z", "sha256": "a33ca8f3dec153ea010973822a2919bfa0530325bf4b037096177eb3c6ba9aed", "source": "ossf-package-analysis", "modified_time": "2025-07-04T11:00:53Z", "versions": [ "0.0.1" ] }, { "id": "RLMA-2025-03635", "import_time": "2025-08-01T10:07:12.383399166Z", "sha256": "511a0df9ce62865e7fe9d9ab88084449ca162955e421d25e18faea4a42d8cb02", "source": "reversing-labs", "modified_time": "2025-07-31T19:15:35Z", "versions": [ "0.0.1" ] }, { "id": "pypi/2025-07-malimalo/malicus", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:56.188240021Z", "sha256": "c82c6aaa8ce5fca384275ee10590977703f1b95785ff710809c4b28617464e52", "source": "kam193", "modified_time": "2025-07-04T11:41:06Z" }, { "id": "pypi/2025-07-malimalo/malicus", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:19.370315563Z", "sha256": "d151385056670ff22bfb80dc356c10ff622a77e115f8d81ee5f066220e05fda1", "source": "kam193", "modified_time": "2025-07-04T11:41:06Z" }, { "id": "pypi/2025-07-malimalo/malicus", "import_time": "2025-12-10T21:38:58.495928349Z", "sha256": "d9368e68116db74a18b2468d7c138dec41ea67b55922d40ceaa5acf939589e48", "source": "kam193", "modified_time": "2025-07-04T11:41:06Z", "versions": [ "0.0.1" ] } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / malicus
Package
- Name
- malicus
- View open source insights on deps.dev
- Purl
- pkg:pypi/malicus