{"id":"MAL-2025-191745","summary":"Malicious code in gtts-lts (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (7cfb789704a149f7b741d0c68fcb8a32a1e189444ca36f97e435e59d04e073b8)\nDuring the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-09-gtts-lts\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - action-hidden-in-lib-usage\n","modified":"2025-12-31T02:54:02.416408Z","published":"2025-09-15T16:44:31Z","database_specific":{"iocs":{"urls":["https://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/meow.bin","https://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/shell.exe"]},"malicious-packages-origins":[{"id":"pypi/2025-09-gtts-lts/gtts-lts","versions":["2.5.8","2.5.7","2.5.6","2.5.5","2.5.4","2.5.3","2.5.2","2.5.1"],"modified_time":"2025-09-15T16:44:31.710838Z","import_time":"2025-12-02T22:30:55.229964996Z","sha256":"9b0e8dd9fd7e7fccd68fdb4c20f8b89e3d563e48aff667fc0e8080c77b38d4dc","source":"kam193"},{"id":"pypi/2025-09-gtts-lts/gtts-lts","versions":["2.5.8","2.5.7","2.5.6","2.5.5","2.5.4","2.5.3","2.5.2","2.5.1"],"modified_time":"2025-09-15T16:44:31.710838Z","import_time":"2025-12-02T23:07:18.250934654Z","sha256":"7cfb789704a149f7b741d0c68fcb8a32a1e189444ca36f97e435e59d04e073b8","source":"kam193"},{"id":"pypi/2025-09-gtts-lts/gtts-lts","versions":["2.5.1","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","2.5.7","2.5.8"],"modified_time":"2025-09-15T16:44:31.710838Z","import_time":"2025-12-30T22:39:04.094661033Z","sha256":"9c5cebf95ec5752e6643b2129bca380d43d5b1845ae0e5313953749ab3c7c782","source":"kam193"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/gtts-lts"}],"affected":[{"package":{"name":"gtts-lts","ecosystem":"PyPI","purl":"pkg:pypi/gtts-lts"},"versions":["2.5.8","2.5.7","2.5.6","2.5.5","2.5.4","2.5.3","2.5.2","2.5.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/gtts-lts/MAL-2025-191745.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"}]}