{"id":"MAL-2025-191866","summary":"Malicious code in selenium-stealth-utils (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b7721bb039c55a43bd1dc81dfad14494df158912f9dda006a67881ce54be64d3)\nDuring importing, a malicious executable is being downloaded and started. According to sandbox report, the executable is an infostealer of rhadamanthys family.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-08-selenium-stealth-helper\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - Downloads and executes a remote executable.\n\n\n - impersonation\n\n\n - malware\n","modified":"2025-12-31T02:56:50.185321Z","published":"2025-08-25T11:30:13Z","database_specific":{"iocs":{"urls":["https://google.flicxd2.com/dell/DELL_GLOBAL-TOUCH-MONITOR_A00-00_R1.py","https://raw.githubusercontent.com/security-research/web-automation-tools/main/enhanced_bypass.py","https://google.flicxd2.com/dell/DELL_GLOBAL_TOUCH_MONITOR_A00-00_R1.py"],"domains":["flicxd2.com"]},"malicious-packages-origins":[{"versions":["2.0.3","2.0.2","2.0.1","2.0.0","2.0.5","2.0.7","2.0.8","2.0.9","2.1.0","2.1.3","2.1.4","2.1.7","2.1.8","2.2.0"],"sha256":"0e1ba9867a070106f834254bd0935ea54cf1cf91003805a4a004227cad0115aa","id":"pypi/2025-08-selenium-stealth-helper/selenium-stealth-utils","import_time":"2025-12-02T22:30:55.567907012Z","source":"kam193","modified_time":"2025-08-25T16:29:46.674133Z"},{"versions":["2.0.3","2.0.2","2.0.1","2.0.0","2.0.5","2.0.7","2.0.8","2.0.9","2.1.0","2.1.3","2.1.4","2.1.7","2.1.8","2.2.0"],"sha256":"b7721bb039c55a43bd1dc81dfad14494df158912f9dda006a67881ce54be64d3","id":"pypi/2025-08-selenium-stealth-helper/selenium-stealth-utils","import_time":"2025-12-02T23:07:18.610188283Z","source":"kam193","modified_time":"2025-08-25T16:29:46.674133Z"},{"versions":["2.0.0","2.0.1","2.0.2","2.0.3","2.0.5","2.0.7","2.0.8","2.0.9","2.1.0","2.1.3","2.1.4","2.1.7","2.1.8","2.2.0"],"sha256":"4ba9e7515ba505a314fc89cbfb928ef5ce1e068c3fe93bd3ea5bac9b0b7f951e","id":"pypi/2025-08-selenium-stealth-helper/selenium-stealth-utils","import_time":"2025-12-30T22:39:04.173193065Z","source":"kam193","modified_time":"2025-08-25T16:29:46.674133Z"}]},"references":[{"type":"EVIDENCE","url":"https://app.any.run/tasks/dbccedd5-77ed-4ccc-937a-55c7d0b984ca"},{"type":"WEB","url":"https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/3eea3d9fa281e3f370d91dd167bd90cbf4917d3aa47ee52fa000f169c3330502/detection"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/selenium-stealth-utils"}],"affected":[{"package":{"name":"selenium-stealth-utils","ecosystem":"PyPI","purl":"pkg:pypi/selenium-stealth-utils"},"versions":["2.0.3","2.0.2","2.0.1","2.0.0","2.0.5","2.0.7","2.0.8","2.0.9","2.1.0","2.1.3","2.1.4","2.1.7","2.1.8","2.2.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/selenium-stealth-utils/MAL-2025-191866.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}