-= Per source details. Do not edit below this line.=-
The package was found to contain malicious code or consuming dependency that contains malicious code
During installation or importing the module, the package starts a reverse shell to hardcoded locatiom
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-aiogram-sever-patch
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package overrides the install command in setup.py to execute malicious code during installation.
dependency-confusion
{
"malicious-packages-origins": [
{
"versions": [
"0.1.0",
"0.3.0",
"0.3.1"
],
"id": "pypi/2025-12-aiogram-sever-patch/hello-test-s1",
"import_time": "2026-06-15T18:54:58.629045299Z",
"sha256": "3e38aef2a7eaa434284aa00122cf429e1a1a07658e02afec7bb3690d7cbfe9ec",
"modified_time": "2026-06-15T17:41:54.234691Z",
"source": "kam193"
},
{
"versions": [
"0.1.0"
],
"id": "IN-MAL-2026-008358",
"import_time": "2026-07-08T20:32:18.232258944Z",
"modified_time": "2026-07-08T19:58:36Z",
"sha256": "e168a49ebd07050fbf35d1cd9714b289903c0593b9bdef27874f975be60461b7",
"source": "amazon-inspector"
}
],
"iocs": {
"ips": [
"147.45.124.42"
]
}
}{
"package_integrity": [
{
"filename": "hello_test_s1-0.1.0.tar.gz",
"hashes": {
"md5": "9016bb98c1672cc69f6e51046457fdeb",
"sha256": "7533e42e21b798b347fbe513c9ada141a95bfda5130033cc5dc30ff5172ab6c7",
"blake2b_256": "10f661f6fe847ea79af099c902328a9d12dcb6e031edb3721df9ada21c54192c"
}
}
]
}
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hello-test-s1/MAL-2026-5812.json"