{"id":"MAL-2025-192931","summary":"Malicious code in aiogram-sever-patch (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f)\nDuring installation or importing the module, the package starts a reverse shell to hardcoded locatiom\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-aiogram-sever-patch\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - dependency-confusion\n","modified":"2025-12-31T02:52:08.714114Z","published":"2025-12-25T14:18:44Z","database_specific":{"iocs":{"ips":["147.45.124.42"]},"malicious-packages-origins":[{"modified_time":"2025-12-25T14:47:00.746403Z","source":"kam193","versions":["3.3.8","3.3.7","3.3.9"],"import_time":"2025-12-25T15:07:34.090338025Z","sha256":"0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f","id":"pypi/2025-12-aiogram-sever-patch/aiogram-sever-patch"},{"modified_time":"2025-12-25T15:14:07.246518Z","source":"kam193","versions":["3.3.8","3.3.7","3.3.9","3.5.0"],"import_time":"2025-12-25T16:08:11.040317764Z","sha256":"b023a030405c79b4e6de1792f36c9b141be617f58207f4457b9387ff71eeaf69","id":"pypi/2025-12-aiogram-sever-patch/aiogram-sever-patch"},{"modified_time":"2025-12-25T15:55:13.929407Z","source":"kam193","versions":["3.3.8","3.3.7","3.3.9","3.5.0","3.6.0"],"import_time":"2025-12-25T17:06:39.885578167Z","sha256":"08eb3f7596c1a64bfa8b9cb506c57580a1b04447fff55fe5f235131149743637","id":"pypi/2025-12-aiogram-sever-patch/aiogram-sever-patch"},{"modified_time":"2025-12-25T15:55:13.929407Z","source":"kam193","versions":["3.3.7","3.3.8","3.3.9","3.5.0","3.6.0"],"import_time":"2025-12-30T22:39:04.026047039Z","sha256":"f6a9fb1c7d327b2fcda05c53d84bade4f6949a1db903f81fdd20cb5a93c3608c","id":"pypi/2025-12-aiogram-sever-patch/aiogram-sever-patch"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/aiogram-sever-patch"}],"affected":[{"package":{"name":"aiogram-sever-patch","ecosystem":"PyPI","purl":"pkg:pypi/aiogram-sever-patch"},"versions":["3.3.8","3.3.7","3.3.9","3.5.0","3.6.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiogram-sever-patch/MAL-2025-192931.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}