{"id":"MAL-2025-3468","summary":"Malicious code in runwifi (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (83046dbbe0f24ed7ffb9087d78c161e332436c45f2f3f4433606ebb9fd9cc52d)\nRunning the module will exfiltrate files from the current directory\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-03-randomwifi\n\n\nReasons (based on the campaign):\n\n\n - files-exfiltration\n\n\n - typosquatting\n","modified":"2026-03-19T12:57:03.223288Z","published":"2025-03-31T12:54:29Z","database_specific":{"malicious-packages-origins":[{"versions":["3.8.5.1"],"source":"reversing-labs","import_time":"2025-04-25T09:36:48.287543503Z","modified_time":"2025-04-23T16:06:39Z","id":"RLMA-2025-02532","sha256":"b7ff8ad82dd659963c63b4445217c30c084118079879d2f0137b0e25518be590"},{"sha256":"1e31c27d94f4aa674279c8c9f3a8a8b6edf1cb710734c76b284a2f20062b0980","source":"kam193","import_time":"2025-12-02T22:30:55.558303735Z","modified_time":"2025-03-31T12:54:29Z","id":"pypi/2025-03-randomwifi/runwifi","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"sha256":"83046dbbe0f24ed7ffb9087d78c161e332436c45f2f3f4433606ebb9fd9cc52d","source":"kam193","import_time":"2025-12-02T23:07:18.600695554Z","modified_time":"2025-03-31T12:54:29Z","id":"pypi/2025-03-randomwifi/runwifi","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"versions":["3.8.5.1"],"source":"kam193","import_time":"2025-12-10T21:38:57.804356213Z","modified_time":"2025-03-31T12:54:29Z","id":"pypi/2025-03-randomwifi/runwifi","sha256":"351e9031f2ccfe9287b2a46a2327f1e24d9bd2465f5cbe665317961b0bf4d7a4"},{"source":"reversing-labs","import_time":"2026-03-19T12:20:25.836847348Z","modified_time":"2026-03-18T12:18:36Z","id":"RLUA-2026-00740","sha256":"6d9080e1d994db74c46850ccae2cec1597e802abc0e54b96c0cbc60fa6885d87"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/runwifi"}],"affected":[{"package":{"name":"runwifi","ecosystem":"PyPI","purl":"pkg:pypi/runwifi"},"versions":["3.8.5.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/runwifi/MAL-2025-3468.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}