{"id":"MAL-2024-12290","summary":"Malicious code in ibmodules (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (528799dcf6ef54776c89013435fe9dd3f4bd84ca5dd02a9defad3e9c86632e7c)\nPackages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-simple-tests\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-04-01T12:45:58.641302Z","published":"2024-08-23T22:55:41Z","database_specific":{"malicious-packages-origins":[{"sha256":"aaa59bd2a2d751fb9b3c426a7741871e79b6247ecefc8fe6d28279c62b3e5d3e","modified_time":"2024-08-23T22:55:41Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/GENERIC-simple-tests/ibmodules","import_time":"2025-12-02T22:30:56.111958961Z","source":"kam193"},{"sha256":"528799dcf6ef54776c89013435fe9dd3f4bd84ca5dd02a9defad3e9c86632e7c","modified_time":"2024-08-23T22:55:41Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/GENERIC-simple-tests/ibmodules","import_time":"2025-12-02T23:07:19.299568364Z","source":"kam193"},{"sha256":"372b929f27219a9cd22759fe626b35e49cbdd1a0871f6755b22ef257194bfaf4","modified_time":"2024-08-23T22:55:41Z","id":"pypi/GENERIC-simple-tests/ibmodules","import_time":"2025-12-10T21:38:58.432143304Z","versions":["0.1.2","0.1.1","0.1.0"],"source":"kam193"},{"sha256":"fb2d8d8fcf8c195d4328bcadbf7064f7f66054ce74f3719eb2d00bf7fe5023ca","modified_time":"2024-08-23T22:55:41Z","id":"pypi/GENERIC-simple-tests/ibmodules","import_time":"2025-12-30T22:39:04.300179424Z","versions":["0.1.0","0.1.1","0.1.2"],"source":"kam193"},{"sha256":"e2c8f8ea9f6b564d8d23a4501b2a559c28ca1158ffe0701344127c5b94b4cbf8","modified_time":"2024-08-23T22:55:41Z","id":"pypi/GENERIC-simple-tests/ibmodules","import_time":"2026-03-17T22:46:38.483774894Z","versions":["0.1.0","0.1.1","0.1.2"],"source":"kam193"},{"sha256":"5a52dd136ae32bfd341bacf97b6765785a6b73c905707ac338eecc6e047e128f","modified_time":"2026-03-24T15:22:15Z","id":"RLMA-2026-01683","import_time":"2026-04-01T12:26:05.834362108Z","versions":["0.1.0","0.1.1","0.1.2"],"source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/ibmodules"}],"affected":[{"package":{"name":"ibmodules","ecosystem":"PyPI","purl":"pkg:pypi/ibmodules"},"versions":["0.1.2","0.1.1","0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ibmodules/MAL-2024-12290.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}