MAL-2025-6495
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discord-booster/MAL-2025-6495.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-6495
- Published
- 2025-05-29T22:39:05Z
- Modified
- 2026-04-16T15:58:42.313743Z
- Summary
- Malicious code in discord-booster (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (f561c13e7822efe2d480bce32956c66b8eaabe69e40665997628b7b927e4e763)
Code downloads and runs the remote executable. While the current link seems not to work, the previous versions had an embedded infostealer instead.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-05-discord-booster
Reasons (based on the campaign):
infostealer
Downloads and executes a remote executable.
- Database specific
{ "iocs": { "domains": [ "edef4.pcloud.com" ] }, "malicious-packages-origins": [ { "sha256": "d54ad60e52de2d2211e91a11fe31093738cf5b0a667aeb14e85d401620ec4469", "import_time": "2025-08-01T10:07:10.945675084Z", "modified_time": "2025-07-31T19:14:53Z", "versions": [ "0.1", "0.2", "0.3", "0.6", "0.7", "0.8", "0.9" ], "id": "RLMA-2025-03586", "source": "reversing-labs" }, { "sha256": "a6170b165dae85bb1a871b758746f2d8ba437d22a209451a9d655cdf3dc93830", "import_time": "2025-12-02T22:30:55.102354321Z", "modified_time": "2025-05-29T22:39:05Z", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "id": "pypi/2025-05-discord-booster/discord-booster", "source": "kam193" }, { "sha256": "f561c13e7822efe2d480bce32956c66b8eaabe69e40665997628b7b927e4e763", "import_time": "2025-12-02T23:07:18.1136169Z", "modified_time": "2025-05-29T22:39:05Z", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "id": "pypi/2025-05-discord-booster/discord-booster", "source": "kam193" }, { "sha256": "97b4f06c13d19371735157a94f911094c126d9525e4cdb6d7b53f4aa19e2887c", "import_time": "2025-12-10T21:38:57.399041074Z", "modified_time": "2025-05-29T22:39:05Z", "versions": [ "0.1", "0.3", "0.2", "0.4", "0.5", "0.6", "0.8", "0.7", "0.9" ], "id": "pypi/2025-05-discord-booster/discord-booster", "source": "kam193" }, { "sha256": "78bc9119c8fecd435e35c9cd07b3b344baacd6e60cd661250dde3e957db61a16", "import_time": "2025-12-30T22:39:04.070552536Z", "modified_time": "2025-05-29T22:39:05Z", "versions": [ "0.1", "0.2", "0.3", "0.4", "0.5", "0.6", "0.7", "0.8", "0.9" ], "id": "pypi/2025-05-discord-booster/discord-booster", "source": "kam193" }, { "sha256": "732e17bb7c6ad11c7774831048158a9d79beccea0ffe9eed6c76d12954af21b2", "import_time": "2026-03-19T12:19:40.3067257Z", "modified_time": "2026-03-18T12:13:16Z", "id": "RLUA-2026-00267", "source": "reversing-labs" }, { "sha256": "e1cc6019d91de385658a13b7f1da0dfa28d27bd75924519e8d230271c10dbde5", "import_time": "2026-04-16T15:39:34.727856532Z", "modified_time": "2026-04-16T10:26:06Z", "versions": [ "0.4", "0.5" ], "id": "RLUA-2026-02069", "source": "reversing-labs" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / discord-booster
Package
- Name
- discord-booster
- View open source insights on deps.dev
- Purl
- pkg:pypi/discord-booster