MAL-2025-920

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordbotstatus/MAL-2025-920.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-920
Published
2024-12-17T19:04:01Z
Modified
2026-03-19T12:52:32.337625Z
Summary
Malicious code in discordbotstatus (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (2dbd628d2baf4f55c8f9c9dcd441ae7deeee86379f73dd79beb48e41d4bfbe8f)

Package clones another package and hides a code to download and run a malicious exe file (an infostealer with high VT detection)


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-discordbotstatus

Reasons (based on the campaign):

  • clones-real-package

  • Downloads and executes a remote executable.

  • infostealer

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.6.7"
            ],
            "sha256": "86f8cdb3ebd03eb15ffca651714087164178302fd28712d8f93db9afc1efa534",
            "modified_time": "2025-02-03T17:07:18Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-00459",
            "import_time": "2025-02-03T18:38:05.978064485Z"
        },
        {
            "sha256": "04f85af7a716eef0e3ba184bfdbb9730199034bb964be77682dd8b3ecac2caa2",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-12-17T19:04:01Z",
            "source": "kam193",
            "id": "pypi/2024-12-discordbotstatus/discordbotstatus",
            "import_time": "2025-12-02T22:30:55.106584314Z"
        },
        {
            "sha256": "2dbd628d2baf4f55c8f9c9dcd441ae7deeee86379f73dd79beb48e41d4bfbe8f",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-12-17T19:04:01Z",
            "source": "kam193",
            "id": "pypi/2024-12-discordbotstatus/discordbotstatus",
            "import_time": "2025-12-02T23:07:18.117822821Z"
        },
        {
            "versions": [
                "0.6.7"
            ],
            "sha256": "ee161bf0f827abc703e8d03a5229b19f70f9dcc9363901e8f5979bade99ae520",
            "modified_time": "2024-12-17T19:04:01Z",
            "source": "kam193",
            "id": "pypi/2024-12-discordbotstatus/discordbotstatus",
            "import_time": "2025-12-10T21:38:57.402770326Z"
        },
        {
            "sha256": "546d6e8e6d893c5dc351f84d497b909f9a71a9a9d1bb55725a86764a477451fb",
            "modified_time": "2026-03-18T12:13:18Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00271",
            "import_time": "2026-03-19T12:19:40.737401525Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://github.com/RivalsTheBest/rezxo/raw/refs/heads/main/Client.exe"
        ]
    }
}
References
Credits

Affected packages

PyPI / discordbotstatus

Package

Name
discordbotstatus
View open source insights on deps.dev
Purl
pkg:pypi/discordbotstatus

Affected ranges

Affected versions

0.*
0.6.7

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordbotstatus/MAL-2025-920.json"