MAL-2025-6460

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/babel-preset-current-node-syntax/MAL-2025-6460.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6460
Published
2024-09-06T11:29:16Z
Modified
2026-03-19T12:50:56.847480Z
Summary
Malicious code in babel-preset-current-node-syntax (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (227436e7c8f26da0ff88db12bd9102d85f9f596cf495b6e9192c634d275a5686)

Generic campaign for all (likely) research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: GENERIC-questionable-pentest

Reasons (based on the campaign):

  • exfiltration-env-variables

  • exfiltration-generic

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • typosquatting

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2025-03545",
            "modified_time": "2025-07-31T19:14:18Z",
            "sha256": "43f6cb319ca0835689fd03f2d2f7a9e27baff475faaeebefbf76d08b7f80dfbe",
            "versions": [
                "2.1.1"
            ],
            "import_time": "2025-08-01T10:07:09.782114646Z"
        },
        {
            "source": "kam193",
            "id": "pypi/GENERIC-questionable-pentest/babel-preset-current-node-syntax",
            "modified_time": "2024-09-06T11:29:16Z",
            "sha256": "f6857c9d628c7ca66d782db1646baaa5cbc6170ea914beac846c7572bfb07cdd",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:54.964881638Z"
        },
        {
            "source": "kam193",
            "id": "pypi/GENERIC-questionable-pentest/babel-preset-current-node-syntax",
            "modified_time": "2024-09-06T11:29:16Z",
            "sha256": "227436e7c8f26da0ff88db12bd9102d85f9f596cf495b6e9192c634d275a5686",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:18.003059253Z"
        },
        {
            "source": "kam193",
            "id": "pypi/GENERIC-questionable-pentest/babel-preset-current-node-syntax",
            "modified_time": "2024-09-06T11:29:16Z",
            "sha256": "1eb3de37b04cf075b9535570800e665e132e0c40c1b59bdfbf8c4e9375a78fa5",
            "versions": [
                "2.1.1"
            ],
            "import_time": "2025-12-10T21:38:57.304733787Z"
        },
        {
            "source": "reversing-labs",
            "id": "RLUA-2026-00133",
            "modified_time": "2026-03-18T12:11:45Z",
            "sha256": "495ad126b322f1d6b89bfbc8ca9caf11403c5554271fe178c18776d07cd8718f",
            "import_time": "2026-03-19T12:19:28.317383025Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / babel-preset-current-node-syntax

Package

Name
babel-preset-current-node-syntax
View open source insights on deps.dev
Purl
pkg:pypi/babel-preset-current-node-syntax

Affected ranges

Affected versions

2.*
2.1.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/babel-preset-current-node-syntax/MAL-2025-6460.json"