-= Per source details. Do not edit below this line.=-
Package clones another package and hides a code to download and run a malicious exe file (an infostealer with high VT detection)
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-12-discordbotstatus
Reasons (based on the campaign):
clones-real-package
Downloads and executes a remote executable.
infostealer
{
"malicious-packages-origins": [
{
"versions": [
"0.6.7"
],
"sha256": "86f8cdb3ebd03eb15ffca651714087164178302fd28712d8f93db9afc1efa534",
"modified_time": "2025-02-03T17:07:18Z",
"source": "reversing-labs",
"id": "RLMA-2025-00459",
"import_time": "2025-02-03T18:38:05.978064485Z"
},
{
"sha256": "04f85af7a716eef0e3ba184bfdbb9730199034bb964be77682dd8b3ecac2caa2",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-12-17T19:04:01Z",
"source": "kam193",
"id": "pypi/2024-12-discordbotstatus/discordbotstatus",
"import_time": "2025-12-02T22:30:55.106584314Z"
},
{
"sha256": "2dbd628d2baf4f55c8f9c9dcd441ae7deeee86379f73dd79beb48e41d4bfbe8f",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-12-17T19:04:01Z",
"source": "kam193",
"id": "pypi/2024-12-discordbotstatus/discordbotstatus",
"import_time": "2025-12-02T23:07:18.117822821Z"
},
{
"versions": [
"0.6.7"
],
"sha256": "ee161bf0f827abc703e8d03a5229b19f70f9dcc9363901e8f5979bade99ae520",
"modified_time": "2024-12-17T19:04:01Z",
"source": "kam193",
"id": "pypi/2024-12-discordbotstatus/discordbotstatus",
"import_time": "2025-12-10T21:38:57.402770326Z"
},
{
"sha256": "546d6e8e6d893c5dc351f84d497b909f9a71a9a9d1bb55725a86764a477451fb",
"modified_time": "2026-03-18T12:13:18Z",
"source": "reversing-labs",
"id": "RLUA-2026-00271",
"import_time": "2026-03-19T12:19:40.737401525Z"
}
],
"iocs": {
"urls": [
"https://github.com/RivalsTheBest/rezxo/raw/refs/heads/main/Client.exe"
]
}
}