{"id":"MAL-2025-192392","summary":"Malicious code in ajenti-plugin-testing-pyld (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (8f75e248c6b93183d9fb3295781e0ffda38ca1afa25cefb866205312f2a78cfd)\nPackages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-simple-tests\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2025-12-31T02:52:14.214846Z","published":"2025-12-09T18:32:50Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-12-09T18:32:50.64765Z","import_time":"2025-12-09T19:35:12.23631851Z","id":"pypi/GENERIC-simple-tests/ajenti-plugin-testing-pyld","versions":["1.1.1"],"source":"kam193","sha256":"8f75e248c6b93183d9fb3295781e0ffda38ca1afa25cefb866205312f2a78cfd"},{"modified_time":"2025-12-12T22:42:32.079289Z","import_time":"2025-12-12T23:07:31.785339875Z","id":"pypi/GENERIC-simple-tests/ajenti-plugin-testing-pyld","versions":["1.1.1","0.0.1","0.99.999"],"source":"kam193","sha256":"c9f06b3dac61d0bab3271459da521514201b4b69826b7edd9a33d793e870e03f"},{"modified_time":"2025-12-12T20:28:04.371094Z","import_time":"2025-12-12T21:06:42.549224766Z","id":"pypi/GENERIC-simple-tests/ajenti-plugin-testing-pyld","versions":["1.1.1","0.0.1"],"source":"kam193","sha256":"d21d0d38383da324a45399ec777f707a273e0261264c43bab20431eda37f951d"},{"modified_time":"2025-12-12T22:42:32.079289Z","import_time":"2025-12-30T22:39:04.263932925Z","id":"pypi/GENERIC-simple-tests/ajenti-plugin-testing-pyld","versions":["0.0.1","0.99.999","1.1.1"],"source":"kam193","sha256":"4c039df8ba9e4f40162ee73b3cf93b5ea41f16caf89cee8f99b94124cf227a99"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/ajenti-plugin-testing-pyld"}],"affected":[{"package":{"name":"ajenti-plugin-testing-pyld","ecosystem":"PyPI","purl":"pkg:pypi/ajenti-plugin-testing-pyld"},"versions":["1.1.1","0.0.1","0.99.999"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ajenti-plugin-testing-pyld/MAL-2025-192392.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"}]}