MAL-2025-6513

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/gramapi/MAL-2025-6513.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6513
Published
2025-07-11T22:51:02Z
Modified
2026-03-19T12:53:31.112141Z
Summary
Malicious code in gramapi (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea)

The code is automatically starting, calling a Telegram channel with basic info, and waits for remote code to execute

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-puregram

Reasons (based on the campaign):

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2025-03604",
            "modified_time": "2025-07-31T19:15:09Z",
            "sha256": "43e09b4c772dcc6f820f6c1d9afa45843094d16166b4544dd21598a65f9713a0",
            "versions": [
                "1.0.0",
                "1.0.2",
                "1.0.3"
            ],
            "import_time": "2025-08-01T10:07:11.449674325Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-07-puregram/gramapi",
            "modified_time": "2025-07-11T22:51:02.720963Z",
            "sha256": "6c159a05f62456f5baab74fe6eb262de26bc0197e4dc716998acbd314a09c4ff",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:55.226155343Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-07-puregram/gramapi",
            "modified_time": "2025-07-11T22:51:02.720963Z",
            "sha256": "2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:18.246427699Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-07-puregram/gramapi",
            "modified_time": "2025-07-11T22:51:02.720963Z",
            "sha256": "449b726b8d94155052c2ea096db2129fb5a6d3408dad3992d352fb621d814c60",
            "versions": [
                "1.0.0",
                "1.0.3",
                "1.0.2"
            ],
            "import_time": "2025-12-10T21:38:57.512082771Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2025-07-puregram/gramapi",
            "modified_time": "2025-07-11T22:51:02.720963Z",
            "sha256": "a930516836313a3b8bacb726092701de52a88eb261565c2eb3e72328c4772aec",
            "versions": [
                "1.0.0",
                "1.0.2",
                "1.0.3"
            ],
            "import_time": "2025-12-30T22:39:04.090751432Z"
        },
        {
            "source": "reversing-labs",
            "id": "RLUA-2026-00362",
            "modified_time": "2026-03-18T12:14:21Z",
            "sha256": "edbfccfc49a6f27380df3798cfcf8f53df0abc2f38d85818668e2b765bf380dc",
            "import_time": "2026-03-19T12:19:49.147225032Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / gramapi

Package

Name
gramapi
View open source insights on deps.dev
Purl
pkg:pypi/gramapi

Affected ranges

Affected versions

1.*
1.0.0
1.0.2
1.0.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/gramapi/MAL-2025-6513.json"