MAL-2025-969

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/reqiest/MAL-2025-969.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-969
Published
2024-12-24T18:09:49Z
Modified
2026-03-19T12:56:18.183432Z
Summary
Malicious code in reqiest (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (ae04fab0eca7fc7fee7494d9651df8a18dbe919cd8c0fa56522711b9f845aa25)

Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-reqesst

Reasons (based on the campaign):

  • infostealer

  • peristence-autorun

  • typosquatting

  • exfiltration-generic

  • Downloads and executes a remote executable.

  • clones-real-package

  • dependency-confusion

  • exfiltration-browser-data

  • exfiltration-crypto

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "2.32.2",
                "2.32.3"
            ],
            "sha256": "fb7e67ffcb0752f64c069c30ae3c56c976ca00cd1537c82c3c0e481d246138b0",
            "modified_time": "2025-02-03T17:07:47Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-00510",
            "import_time": "2025-02-03T18:38:08.604876665Z"
        },
        {
            "sha256": "198b2afa2e11355a32d3633f59be1fdae6f45cef2b6bb6c7623fc5711d03ab6f",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-12-24T18:09:49Z",
            "source": "kam193",
            "id": "pypi/2024-12-reqesst/reqiest",
            "import_time": "2025-12-02T22:30:55.531776998Z"
        },
        {
            "sha256": "ae04fab0eca7fc7fee7494d9651df8a18dbe919cd8c0fa56522711b9f845aa25",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2024-12-24T18:09:49Z",
            "source": "kam193",
            "id": "pypi/2024-12-reqesst/reqiest",
            "import_time": "2025-12-02T23:07:18.569426052Z"
        },
        {
            "versions": [
                "2.32.3",
                "2.32.2"
            ],
            "sha256": "0ab04506008fe98ae76409508391150d7c4510c6eb4c811242a24dad1a7ec05a",
            "modified_time": "2024-12-24T18:09:49Z",
            "source": "kam193",
            "id": "pypi/2024-12-reqesst/reqiest",
            "import_time": "2025-12-10T21:38:57.778350504Z"
        },
        {
            "versions": [
                "2.32.2",
                "2.32.3"
            ],
            "sha256": "509af45d62461201a8ec2bbc9979523b7c3245d7f4905988bf86d71fd4301536",
            "modified_time": "2024-12-24T18:09:49Z",
            "source": "kam193",
            "id": "pypi/2024-12-reqesst/reqiest",
            "import_time": "2025-12-30T22:39:04.159881703Z"
        },
        {
            "sha256": "e5a5b034cc102af3bf2185a5d4d1fc0ae9ea1a964f84e89a67e4519c0cfd7315",
            "modified_time": "2026-03-18T12:18:08Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-00698",
            "import_time": "2026-03-19T12:20:21.800679723Z"
        }
    ],
    "iocs": {
        "urls": [
            "https://www.dropbox.com/scl/fi/d4ftoxxvovr12f4tjh0mc/H7Glqp2Vy.exe?rlkey=z323u7r1ipm2tegn2dqlqzv9l&st=9gg48qpa&dl=1"
        ]
    }
}
References
Credits

Affected packages

PyPI / reqiest

Package

Affected ranges

Affected versions

2.*
2.32.2
2.32.3

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/reqiest/MAL-2025-969.json"