MAL-2025-6469

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/browser-history-analysis/MAL-2025-6469.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6469
Published
2025-06-15T20:28:41Z
Modified
2026-03-19T12:51:23.282698Z
Summary
Malicious code in browser-history-analysis (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (032a326beadf36ce66d29555a7dacc90d6dfc733435dc61852cbc1e5128ee73d)

When starting the server with expected functionality with potentially sensitive content, the package silently sends the location (external IP) to a remote location. If the computer is directly exposed to the Internet, it allows the uploader to get access to the data.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-06-browser-history-analytics

Reasons (based on the campaign):

  • action-hidden-in-lib-usage

  • other

  • obfuscation

Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-07-31T19:14:26Z",
            "versions": [
                "1.0.1"
            ],
            "sha256": "1223e520bb382299b5f4962c8d8c6c5563636f3605a628f0f5afe0ea78eb0f39",
            "id": "RLMA-2025-03554",
            "source": "reversing-labs",
            "import_time": "2025-08-01T10:07:10.085468395Z"
        },
        {
            "modified_time": "2025-06-15T20:28:41Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "d4f8fc1bbd0421dab5ab43d9fa1e5a7e290ee64931fb1227d0e8fcb6bdc583be",
            "id": "pypi/2025-06-browser-history-analytics/browser-history-analysis",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:55.008440544Z"
        },
        {
            "modified_time": "2025-06-15T20:28:41Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "032a326beadf36ce66d29555a7dacc90d6dfc733435dc61852cbc1e5128ee73d",
            "id": "pypi/2025-06-browser-history-analytics/browser-history-analysis",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:18.034564696Z"
        },
        {
            "modified_time": "2025-06-15T20:28:41Z",
            "versions": [
                "1.0.1"
            ],
            "sha256": "717c48930d1faf9ad8dfd9dc503a807dc0c18bd8b51c23ac303cdf420ab7c75e",
            "id": "pypi/2025-06-browser-history-analytics/browser-history-analysis",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:57.328185405Z"
        },
        {
            "modified_time": "2026-03-18T12:12:02Z",
            "sha256": "595c12ccecf98a356dd31b875905ca59ef7c8e37e80bd55a71905a8596fc8fda",
            "id": "RLUA-2026-00158",
            "source": "reversing-labs",
            "import_time": "2026-03-19T12:19:30.486926323Z"
        }
    ],
    "iocs": {
        "domains": [
            "arpy8-bha-dubious-backend.hf.space"
        ],
        "urls": [
            "https://arpy8-bha-dubious-backend.hf.space/set"
        ]
    }
}
References
Credits

Affected packages

PyPI / browser-history-analysis

Package

Name
browser-history-analysis
View open source insights on deps.dev
Purl
pkg:pypi/browser-history-analysis

Affected ranges

Affected versions

1.*
1.0.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/browser-history-analysis/MAL-2025-6469.json"