MAL-2025-6538

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/logghelper/MAL-2025-6538.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-6538

Published

2025-07-16T19:30:11Z

Modified

2026-03-19T12:54:33.100982Z

Summary

Malicious code in logghelper (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (2a5f0848002e1727d885bdf20c39e4949fd9609a4df5164a8c42ccc870aa6736)

Code attempts to download and run malware, as well as keeps ability to execute files sent via Telegram C2 channel

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-logghelper

Reasons (based on the campaign):

malware
infostealer
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Database specific

{
    "iocs": {
        "urls": [
            "http://89.23.97.112:8080/Python.exe"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "RLMA-2025-03632",
            "import_time": "2025-08-01T10:07:12.302369901Z",
            "sha256": "95dc49007971e90eb3fea73deb17542dfe6dd3b311c7498910299ef2a44a1065",
            "source": "reversing-labs",
            "modified_time": "2025-07-31T19:15:33Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "id": "pypi/2025-07-logghelper/logghelper",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:55.314720955Z",
            "sha256": "653e827245df38ad57a6183cebfbf175cb68b166b03451a58ffcba38e54d9400",
            "source": "kam193",
            "modified_time": "2025-07-16T19:30:11.679248Z"
        },
        {
            "id": "pypi/2025-07-logghelper/logghelper",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:18.341424508Z",
            "sha256": "2a5f0848002e1727d885bdf20c39e4949fd9609a4df5164a8c42ccc870aa6736",
            "source": "kam193",
            "modified_time": "2025-07-16T19:30:11.679248Z"
        },
        {
            "id": "pypi/2025-07-logghelper/logghelper",
            "import_time": "2025-12-10T21:38:57.576117894Z",
            "sha256": "f229b4e3e5216e3457a0b274f269964b652807c96405cea627ec8266316ed174",
            "source": "kam193",
            "modified_time": "2025-07-16T19:30:11.679248Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "id": "RLUA-2026-00476",
            "import_time": "2026-03-19T12:20:00.054541228Z",
            "sha256": "3d2e6d280b8b5061729c5d5efcb3bad8720677ee1b9bd028bb8808fee924046b",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:15:39Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/logghelper

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / logghelper

Package

Name: logghelper; View open source insights on deps.dev
Purl: pkg:pypi/logghelper

Affected ranges

Affected versions

1.*

1.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/logghelper/MAL-2025-6538.json"