{"id":"MAL-2025-191646","summary":"Malicious code in makronlox (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (f918d3ae448737e8a58e16ad57af3037e27ba8ab02fef22ba6e0b4f6f2c49e1a)\nPackage automatically download and runs an executable, which then imitates a malicious action and requests ransom payment.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-10-makronlox\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-03-19T12:54:26.708664Z","published":"2025-10-16T20:06:59Z","database_specific":{"malicious-packages-origins":[{"versions":["0.1.0","0.1.1"],"source":"reversing-labs","modified_time":"2025-12-01T12:54:39Z","import_time":"2025-12-02T09:09:38.274159953Z","id":"RLMA-2025-05618","sha256":"47be8a7e5f1940d95c2347fecd3bb6c7f27e108baa8e7d05164057ab477e35a1"},{"versions":["0.1.1","0.1.0"],"source":"kam193","modified_time":"2025-10-16T20:06:59.603962Z","import_time":"2025-12-02T22:30:55.322055382Z","id":"pypi/2025-10-makronlox/makronlox","sha256":"17abd14fe59573528e2f3cb5f17962f31547b060a04b3ba386d914ee0a2da190"},{"versions":["0.1.1","0.1.0"],"source":"kam193","modified_time":"2025-10-16T20:06:59.603962Z","import_time":"2025-12-02T23:07:18.349510064Z","id":"pypi/2025-10-makronlox/makronlox","sha256":"f918d3ae448737e8a58e16ad57af3037e27ba8ab02fef22ba6e0b4f6f2c49e1a"},{"versions":["0.1.0","0.1.1"],"source":"kam193","modified_time":"2025-10-16T20:06:59.603962Z","import_time":"2025-12-30T22:39:04.124783434Z","id":"pypi/2025-10-makronlox/makronlox","sha256":"972236288ab417e0cd3764ea452ba8812663a2ea575fffbc47bc34d4c9387d63"},{"source":"reversing-labs","modified_time":"2026-03-18T12:15:47Z","import_time":"2026-03-19T12:20:01.036027873Z","id":"RLUA-2026-00488","sha256":"a8e8182c2a32d7548945d394510b18fc41147847c423b9ebbcd7c17a2fa37d9e"}],"iocs":{"urls":["https://www.dropbox.com/scl/fi/19qqc7egp8py7t7ov659m/123.exe?rlkey=oc0nbftrgxo4avtee5grwbmqi&st=8q0bp98n&dl=1"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/makronlox"}],"affected":[{"package":{"name":"makronlox","ecosystem":"PyPI","purl":"pkg:pypi/makronlox"},"versions":["0.1.0","0.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/makronlox/MAL-2025-191646.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}