{"id":"MAL-2025-191692","summary":"Malicious code in bh-usa-req-ase (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (8c83e1a14cfb125b4cfcb3e1ca52afd31fb170b78ade2aa3fd31cc846b8ac7da)\nIf run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-jsonreq-ase\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-credentials\n","modified":"2025-12-12T20:36:30.544071Z","published":"2025-08-02T18:41:14Z","database_specific":{"iocs":{"domains":["eo64g38fdes1lxm.m.pipedream.net"]},"malicious-packages-origins":[{"import_time":"2025-12-02T22:30:54.988522067Z","modified_time":"2025-08-02T18:41:14.283168Z","source":"kam193","id":"pypi/2025-07-jsonreq-ase/bh-usa-req-ase","sha256":"20cebe72bafeef27a21c7abcfa9684f452b4310b17d1e86a186b603710082f1c","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"import_time":"2025-12-02T23:07:18.023087578Z","modified_time":"2025-08-02T18:41:14.283168Z","source":"kam193","id":"pypi/2025-07-jsonreq-ase/bh-usa-req-ase","sha256":"8c83e1a14cfb125b4cfcb3e1ca52afd31fb170b78ade2aa3fd31cc846b8ac7da","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"import_time":"2025-12-10T21:38:57.316686522Z","versions":["0.0.3"],"modified_time":"2025-08-02T18:41:14.283168Z","source":"kam193","id":"pypi/2025-07-jsonreq-ase/bh-usa-req-ase","sha256":"54ec82a46b35f941de1cdc7d1937af232f7d9dc3d1bafd7c2b579a5b56b0c6f3"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/bh-usa-req-ase"}],"affected":[{"package":{"name":"bh-usa-req-ase","ecosystem":"PyPI","purl":"pkg:pypi/bh-usa-req-ase"},"versions":["0.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bh-usa-req-ase/MAL-2025-191692.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}