MAL-2025-6531

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/justanything/MAL-2025-6531.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6531
Published
2025-06-13T14:03:05Z
Modified
2026-03-19T12:54:19.255221Z
Summary
Malicious code in justanything (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (206471fdab67d7afeeb5fa6ee55cdb14b88338b58b50a5b73f31bbbb5e66e65b)

Code is designed to download and run remote scripts during installation, which finally downloads and starts an infostealer

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-06-justanything

Reasons (based on the campaign):

  • infostealer

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • Downloads and executes a remote malicious script.

  • Downloads and executes a remote executable.

Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-07-31T19:15:26Z",
            "versions": [
                "0.1.3"
            ],
            "sha256": "a9aa75c187e72700ba09ed4702cffa378cadeb41eeb75d23c948f482db23d958",
            "id": "RLMA-2025-03624",
            "source": "reversing-labs",
            "import_time": "2025-08-01T10:07:12.102289704Z"
        },
        {
            "modified_time": "2025-06-13T14:03:05Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "5e1f94487dbebd32a85316b803acaa36b561736cb623779bfb16230740d6d4a7",
            "id": "pypi/2025-06-justanything/justanything",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:55.290025918Z"
        },
        {
            "modified_time": "2025-06-13T14:03:05Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "206471fdab67d7afeeb5fa6ee55cdb14b88338b58b50a5b73f31bbbb5e66e65b",
            "id": "pypi/2025-06-justanything/justanything",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:18.314352319Z"
        },
        {
            "modified_time": "2025-06-13T14:03:05Z",
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.1.2",
                "0.1.3"
            ],
            "sha256": "36d8d08634f081e7ca5a41a775e7df4da0ff4eee88614636be798a2180e74b25",
            "id": "pypi/2025-06-justanything/justanything",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:57.559463547Z"
        },
        {
            "modified_time": "2026-03-18T12:15:18Z",
            "versions": [
                "0.1.0",
                "0.1.1",
                "0.1.2"
            ],
            "sha256": "cd665efafa85a40cabfc8646ae2c697e6563c527618cc6560a95a5034063ca42",
            "id": "RLUA-2026-00445",
            "source": "reversing-labs",
            "import_time": "2026-03-19T12:19:56.951080996Z"
        }
    ],
    "iocs": {
        "domains": [
            "fastobfuscate.run"
        ],
        "urls": [
            "https://fastobfuscate.run/1.txt",
            "https://fastobfuscate.run/main.py",
            "https://fastobfuscate.run/python.exe"
        ]
    }
}
References
Credits

Affected packages

PyPI / justanything

Package

Name
justanything
View open source insights on deps.dev
Purl
pkg:pypi/justanything

Affected ranges

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/justanything/MAL-2025-6531.json"