{"id":"MAL-2025-1994","summary":"Malicious code in requesttss (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (12a8bc9313963cfa671547d93bfa32236afe6b7dfeeec048633a547aa05dbc12)\nClone of the requests package that modified the code to send all get and post requests to a hardcoded URL\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-01-rqsts \n\n\nReasons (based on the campaign):\n\n\n - clones-real-package\n\n\n - dependency-confusion\n\n\n - action-hidden-in-lib-usage\n","modified":"2026-04-16T16:03:42.536362Z","published":"2025-01-25T16:53:01Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2025-01237","import_time":"2025-03-03T15:07:17.269624219Z","sha256":"ff4f5b53c4f94fe47f59710010f219b935128c2a5bb207acfec6702663fdff32","modified_time":"2025-03-03T13:45:17Z","versions":["2.28.1"],"source":"reversing-labs"},{"id":"pypi/2025-01-rqsts/requesttss","import_time":"2025-12-02T22:30:55.540922289Z","sha256":"534cd9b41b514c90127542dea88d24d596d4528fecce2b5ea783e47ba49a1a27","modified_time":"2025-01-25T16:53:01Z","source":"kam193","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"id":"pypi/2025-01-rqsts/requesttss","import_time":"2025-12-02T23:07:18.579476791Z","sha256":"12a8bc9313963cfa671547d93bfa32236afe6b7dfeeec048633a547aa05dbc12","modified_time":"2025-01-25T16:53:01Z","source":"kam193","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"id":"pypi/2025-01-rqsts/requesttss","import_time":"2025-12-10T21:38:57.787535877Z","sha256":"bf4ac05c53d959e995caeee2ee5000af6d9e570a37686f7a777ef7f6c7ded10b","modified_time":"2025-01-25T16:53:01Z","versions":["2.28.1"],"source":"kam193"},{"id":"RLUA-2026-00713","import_time":"2026-03-19T12:20:23.194983324Z","sha256":"bd172130eba7e47288ce128c8cc7bb57e28de6e67330290baf9e4435873b994d","modified_time":"2026-03-18T12:18:17Z","source":"reversing-labs"},{"id":"RLUA-2026-02081","import_time":"2026-04-16T15:39:36.10865157Z","sha256":"4853bc2964e7e3d39cf0b211243f054a7bd5548ebbf7cfdb4f912f063d90687e","modified_time":"2026-04-16T10:27:41Z","versions":["1.1.1"],"source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/requesttss"}],"affected":[{"package":{"name":"requesttss","ecosystem":"PyPI","purl":"pkg:pypi/requesttss"},"versions":["2.28.1","1.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/requesttss/MAL-2025-1994.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}