MAL-2025-6515
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/graphdict/MAL-2025-6515.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-6515
- Published
- 2025-07-09T18:18:10Z
- Modified
- 2026-03-19T12:53:29.806771Z
- Summary
- Malicious code in graphdict (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (d6536224bd962025c65671a0007df1998dbc9485dfb2d628b0a0d57ab916487e)
Malicious clone of legitimate networkx package with added hidden encrypted code. The exact behaviour unclear as it uses decryption key based on the arguments and config files
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-07-graphdict
Reasons (based on the campaign):
Downloads and executes a remote malicious script.
obfuscation
clones-real-package
- Database specific
{ "iocs": { "urls": [ "https://raw.githubusercontent.com/johns92/blog_app/refs/heads/main/server/.nvmrc", "https://raw.githubusercontent.com/johns92/blog_app/refs/heads/main/server/.env.example" ] }, "malicious-packages-origins": [ { "id": "RLMA-2025-03606", "import_time": "2025-08-01T10:07:11.493157498Z", "sha256": "c7101391422181823d61a3d636c7f9134c431e9b9c44cfe44b94eaafd7466cb9", "source": "reversing-labs", "modified_time": "2025-07-31T19:15:10Z", "versions": [ "3.4.0", "3.4.2", "3.4.6", "3.4.8", "3.4.10", "3.4.11", "3.4.12", "3.4.13", "3.4.14" ] }, { "id": "pypi/2025-07-graphdict/graphdict", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:55.226917668Z", "sha256": "c8ee8870b424d4d335d5d3c132e8e393dd102af2d95b00b112b5f320357f1858", "source": "kam193", "modified_time": "2025-07-09T18:18:10.916028Z" }, { "id": "pypi/2025-07-graphdict/graphdict", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:18.247368987Z", "sha256": "d6536224bd962025c65671a0007df1998dbc9485dfb2d628b0a0d57ab916487e", "source": "kam193", "modified_time": "2025-07-09T18:18:10.916028Z" }, { "id": "pypi/2025-07-graphdict/graphdict", "import_time": "2025-12-10T21:38:57.512878184Z", "sha256": "74ed208ded42d64f781d359a0bf37211d4a58f5d6a3b84d585d44ffa683de456", "source": "kam193", "modified_time": "2025-07-09T18:18:10.916028Z", "versions": [ "3.4.2", "3.4.0", "3.4.6", "3.4.8", "3.4.11", "3.4.10", "3.4.12", "3.4.13", "3.4.14" ] }, { "id": "pypi/2025-07-graphdict/graphdict", "import_time": "2025-12-30T22:39:04.091667992Z", "sha256": "d00497adc5227d643ba30f82de9c1daf348087666a0597e2cbe642a21772d033", "source": "kam193", "modified_time": "2025-07-09T18:18:10.916028Z", "versions": [ "3.4.0", "3.4.2", "3.4.6", "3.4.8", "3.4.10", "3.4.11", "3.4.12", "3.4.13", "3.4.14" ] }, { "id": "pypi/2025-07-graphdict/graphdict", "import_time": "2026-02-11T16:52:08.200658171Z", "sha256": "ebaed867b03d8b50669a2d39ceafad37cdded3be064ad1ab5b5af833eda3bf9d", "source": "kam193", "modified_time": "2025-07-09T18:18:10.916028Z", "versions": [ "3.4.0", "3.4.2", "3.4.6", "3.4.8", "3.4.10", "3.4.11", "3.4.12", "3.4.13", "3.4.14" ] }, { "id": "RLUA-2026-00364", "import_time": "2026-03-19T12:19:49.311680072Z", "sha256": "3decd52ea880fd85d18e4c27742117fa4f4ecc8ddd536be6d21e730c92da410e", "source": "reversing-labs", "modified_time": "2026-03-18T12:14:22Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / graphdict
Package
- Name
- graphdict
- View open source insights on deps.dev
- Purl
- pkg:pypi/graphdict