{"id":"MAL-2025-1512","summary":"Malicious code in testresearchpackagedc (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b9a3d67880a7182900acdd5dafdb79bff126438c5538693dbd27c0c0848b2fb3)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (cb6e63a51de79ba3f21f381f82a4f17b1b9627c51173ea1ee6482929813b0511)\nThe OpenSSF Package Analysis project identified 'testresearchpackagedc' @ 0.1.6 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-12-31T02:55:17.704542Z","published":"2024-07-26T16:53:30Z","database_specific":{"malicious-packages-origins":[{"versions":["0.1.6"],"import_time":"2025-02-21T17:05:14.825139069Z","source":"ossf-package-analysis","sha256":"cb6e63a51de79ba3f21f381f82a4f17b1b9627c51173ea1ee6482929813b0511","modified_time":"2025-02-21T17:00:50Z"},{"source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/testresearchpackagedc","import_time":"2025-12-02T22:30:56.449614514Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"93f70e79a91cdc433890cbb2af2356854c11d23ae7255e7d2e5abdfbc8b45fbc","modified_time":"2024-07-26T16:53:30Z"},{"source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/testresearchpackagedc","import_time":"2025-12-02T23:07:19.633846074Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"b9a3d67880a7182900acdd5dafdb79bff126438c5538693dbd27c0c0848b2fb3","modified_time":"2024-07-26T16:53:30Z"},{"versions":["0.1.0","0.1.2","0.1.3","0.1.4","0.1.6","0.1.5"],"id":"pypi/GENERIC-standard-pypi-install-pentest/testresearchpackagedc","import_time":"2025-12-10T21:38:58.737141261Z","source":"kam193","sha256":"222c9aab133960ef3a9bc2b06322e8631c93e736b5983572730387ffc09ceae2","modified_time":"2024-07-26T16:53:30Z"},{"versions":["0.1.0","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6"],"id":"pypi/GENERIC-standard-pypi-install-pentest/testresearchpackagedc","import_time":"2025-12-30T22:39:04.357262032Z","source":"kam193","sha256":"c5c4116e65563422a5bfc464d57acdfb88b55d91e4024fcd766b6d82ad0e090d","modified_time":"2024-07-26T16:53:30Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/testresearchpackagedc"}],"affected":[{"package":{"name":"testresearchpackagedc","ecosystem":"PyPI","purl":"pkg:pypi/testresearchpackagedc"},"versions":["0.1.6","0.1.0","0.1.2","0.1.3","0.1.4","0.1.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/testresearchpackagedc/MAL-2025-1512.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}