{"id":"MAL-2025-192435","summary":"Malicious code in loguru-utf8 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78)\nPackage clones a popular package (loguru, jsonschema, ...). While it claims to have some additional features, the real change is an added compiled native library which is silently loaded in the background during the importing of the module. The exact behavior is unknown, but the binary is obfuscated\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-loguru-utf8\n\n\nReasons (based on the campaign):\n\n\n - clones-real-package\n\n\n - obfuscation\n\n\n - typosquatting\n\n\n - native-extension\n","modified":"2025-12-10T19:47:15.054718Z","published":"2025-12-10T17:02:23Z","database_specific":{"malicious-packages-origins":[{"versions":["0.7.3"],"id":"pypi/2025-12-loguru-utf8/loguru-utf8","import_time":"2025-12-10T17:40:56.35081846Z","source":"kam193","sha256":"ed36240df4acc0e07b3e2a542c261afb54c1fe8466cf496057926b6c2dca3841","modified_time":"2025-12-10T17:02:23.953842Z"},{"versions":["0.7.3"],"id":"pypi/2025-12-loguru-utf8/loguru-utf8","import_time":"2025-12-10T18:45:05.209803425Z","source":"kam193","sha256":"e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78","modified_time":"2025-12-10T17:02:23.953842Z"},{"versions":["0.7.3","0.7.4"],"id":"pypi/2025-12-loguru-utf8/loguru-utf8","import_time":"2025-12-10T19:36:28.61942636Z","source":"kam193","sha256":"24dffce422aaa4e56a42c75c1dbe6cc6b8601fce2a450f244290e0c49100ece3","modified_time":"2025-12-10T18:41:58.634419Z"}]},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/da48508c771e9a12a4a235660800683f1df40d90b814df9c6e35a8713017f363/detection"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/loguru-utf8"}],"affected":[{"package":{"name":"loguru-utf8","ecosystem":"PyPI","purl":"pkg:pypi/loguru-utf8"},"versions":["0.7.3","0.7.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/loguru-utf8/MAL-2025-192435.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}