MAL-2025-6248

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/foundry-jupyter-extension/MAL-2025-6248.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6248
Published
2025-07-26T01:36:46Z
Modified
2025-12-12T20:39:39.421034Z
Summary
Malicious code in foundry-jupyter-extension (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (8114162af3676e6c75f96e1dc953dae363e41fab4e9b3ce75a84b261aece0113)

Installing or importing the module triggers exfiltration of environmental variables

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-foundry-jupyter-extension

Reasons (based on the campaign):

  • exfiltration-env-variables

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Source: ossf-package-analysis (18120bcaae1e9da4251368d123f8dfe860d3c2af2fbbb8393d2a323c5c8571f2)

The OpenSSF Package Analysis project identified 'foundry-jupyter-extension' @ 0.23.0 (pypi) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "18120bcaae1e9da4251368d123f8dfe860d3c2af2fbbb8393d2a323c5c8571f2",
            "source": "ossf-package-analysis",
            "versions": [
                "0.23.0"
            ],
            "modified_time": "2025-07-26T01:36:46Z",
            "import_time": "2025-07-26T02:40:15.433782373Z"
        },
        {
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "id": "pypi/2025-07-foundry-jupyter-extension/foundry-jupyter-extension",
            "sha256": "33ddd7b7b48ab562ae5eabf7493831b302bbf4d725307e51e7563947ddfeefbb",
            "source": "kam193",
            "modified_time": "2025-07-26T12:26:59.241844Z",
            "import_time": "2025-12-02T22:30:55.204615822Z"
        },
        {
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "id": "pypi/2025-07-foundry-jupyter-extension/foundry-jupyter-extension",
            "sha256": "8114162af3676e6c75f96e1dc953dae363e41fab4e9b3ce75a84b261aece0113",
            "source": "kam193",
            "modified_time": "2025-07-26T12:26:59.241844Z",
            "import_time": "2025-12-02T23:07:18.213470314Z"
        },
        {
            "id": "pypi/2025-07-foundry-jupyter-extension/foundry-jupyter-extension",
            "sha256": "b151318ecdd7d06f606841bd6b827b3f6a5b968907db8b96e74cd739e51368a7",
            "source": "kam193",
            "versions": [
                "0.20.0",
                "0.21.0",
                "0.22.0",
                "0.23.0",
                "800.23.0"
            ],
            "modified_time": "2025-07-26T12:26:59.241844Z",
            "import_time": "2025-12-10T21:38:57.498620476Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / foundry-jupyter-extension

Package

Name
foundry-jupyter-extension
View open source insights on deps.dev
Purl
pkg:pypi/foundry-jupyter-extension

Affected ranges

Affected versions

0.*
0.20.0
0.21.0
0.22.0
0.23.0
800.*
800.23.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/foundry-jupyter-extension/MAL-2025-6248.json"