{"id":"MAL-2024-10823","summary":"Malicious code in gr-mg (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (9299ffcce3856f06a694bb95009da56415f80f19ed8b67f444edbf4f3556ec77)\nA campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the username to the package author. There is no other purpose of the package.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2024-11-byted-dast\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - typosquatting\n\n\n - dependency-confusion\n\n## Source: ossf-package-analysis (09357c4f7df25348b725c739c5c4942a9eebf22af49c805a85005565688b53b0)\nThe OpenSSF Package Analysis project identified 'gr-mg' @ 99.6 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-12-12T20:39:48.295615Z","published":"2024-11-06T18:46:10Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","versions":["99.6"],"sha256":"09357c4f7df25348b725c739c5c4942a9eebf22af49c805a85005565688b53b0","import_time":"2024-11-19T07:05:38.34890117Z","modified_time":"2024-11-19T06:53:24Z"},{"source":"kam193","sha256":"9cfce76a262a0b8ca751de3de66c99518ff963a0710dc2b8a0eb4036fa4866fe","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T22:30:56.072358724Z","id":"pypi/2024-11-byted-dast/gr-mg","modified_time":"2024-11-06T18:46:10Z"},{"source":"kam193","sha256":"9299ffcce3856f06a694bb95009da56415f80f19ed8b67f444edbf4f3556ec77","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T23:07:19.261964038Z","id":"pypi/2024-11-byted-dast/gr-mg","modified_time":"2024-11-06T18:46:10Z"},{"source":"kam193","versions":["99.6"],"sha256":"f2420bbfbf8b0e29cbaf70955a77217796aba690ddaefad4d4f70b4002755bc0","import_time":"2025-12-10T21:38:58.402888599Z","id":"pypi/2024-11-byted-dast/gr-mg","modified_time":"2024-11-06T18:46:10Z"}],"iocs":{"domains":["byted-dast.com"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/gr-mg"}],"affected":[{"package":{"name":"gr-mg","ecosystem":"PyPI","purl":"pkg:pypi/gr-mg"},"versions":["99.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/gr-mg/MAL-2024-10823.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}