MAL-2026-5812

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hello-test-s1/MAL-2026-5812.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5812
Published
2026-06-15T17:39:49Z
Modified
2026-06-15T19:06:36.655625996Z
Summary
Malicious code in hello-test-s1 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (3e38aef2a7eaa434284aa00122cf429e1a1a07658e02afec7bb3690d7cbfe9ec)

During installation or importing the module, the package starts a reverse shell to hardcoded locatiom

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-aiogram-sever-patch

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • dependency-confusion

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "pypi/2025-12-aiogram-sever-patch/hello-test-s1",
            "import_time": "2026-06-15T18:54:58.629045299Z",
            "source": "kam193",
            "versions": [
                "0.1.0",
                "0.3.0",
                "0.3.1"
            ],
            "modified_time": "2026-06-15T17:41:54.234691Z",
            "sha256": "3e38aef2a7eaa434284aa00122cf429e1a1a07658e02afec7bb3690d7cbfe9ec"
        }
    ],
    "iocs": {
        "ips": [
            "147.45.124.42"
        ]
    }
}
References
Credits

Affected packages

PyPI / hello-test-s1

Package

Name
hello-test-s1
View open source insights on deps.dev
Purl
pkg:pypi/hello-test-s1

Affected ranges

Affected versions

0.*
0.1.0
0.3.0
0.3.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hello-test-s1/MAL-2026-5812.json"