{"id":"MAL-2025-191768","summary":"Malicious code in jsonreq-ase (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b2470d0f1bf1493c176d8622368f7f975be80c5f8a2acfa1dcae8199bc54e7ed)\nIf run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-jsonreq-ase\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-credentials\n","modified":"2025-12-12T20:38:05.318549Z","published":"2025-07-07T08:38:56Z","database_specific":{"malicious-packages-origins":[{"sha256":"119658e0926602cedc010f7d31305335b7a4b4384976b5550041295d79732c95","id":"pypi/2025-07-jsonreq-ase/jsonreq-ase","import_time":"2025-12-02T22:30:55.282478994Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","modified_time":"2025-07-07T08:38:56Z"},{"sha256":"b2470d0f1bf1493c176d8622368f7f975be80c5f8a2acfa1dcae8199bc54e7ed","id":"pypi/2025-07-jsonreq-ase/jsonreq-ase","import_time":"2025-12-02T23:07:18.30632101Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","modified_time":"2025-07-07T08:38:56Z"},{"sha256":"f8e76ef024557acbe9f3321465444852bc04bfab382e8613ac9ff9f0dc40aa1d","id":"pypi/2025-07-jsonreq-ase/jsonreq-ase","import_time":"2025-12-10T21:38:57.551769945Z","modified_time":"2025-07-07T08:38:56Z","source":"kam193","versions":["0.0.3"]}],"iocs":{"domains":["eo64g38fdes1lxm.m.pipedream.net"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/jsonreq-ase"}],"affected":[{"package":{"name":"jsonreq-ase","ecosystem":"PyPI","purl":"pkg:pypi/jsonreq-ase"},"versions":["0.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/jsonreq-ase/MAL-2025-191768.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}