{"id":"MAL-2025-3484","summary":"Malicious code in yolov8mini (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (a9222d20b84ed716d5bdf81f1da1d0f088fc7482894c8f25a5d1f757cc477ba9)\nOn importing the module, there is an automated start of a Telegram bot capable of exfiltrating passwords from browsers, executing arbitrary commands and so on. While the description states it's a monitoring tool, the automated start, capabilities targeting secret values suggest malicious intentions.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-03-yolov8mini\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - exfiltration-generic\n\n\n - dependency-confusion\n\n\n - exfiltration-browser-data\n\n\n - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.\n","modified":"2026-04-16T15:58:39.875739Z","published":"2025-03-23T21:03:35Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","sha256":"1dc0eb3e828547e3984fc6ee95459f3948326df479784f46b7f9e43b0893876f","versions":["0.1"],"id":"RLMA-2025-02552","modified_time":"2025-04-23T16:06:52Z","import_time":"2025-04-25T09:36:49.750204919Z"},{"source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"07aef48176f15d2a6458d10e86017e8c8d5e1dff8bf1852f9aa362cb904ff3b2","id":"pypi/2025-03-yolov8mini/yolov8mini","modified_time":"2025-03-23T21:03:35Z","import_time":"2025-12-02T22:30:55.785517226Z"},{"source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"a9222d20b84ed716d5bdf81f1da1d0f088fc7482894c8f25a5d1f757cc477ba9","id":"pypi/2025-03-yolov8mini/yolov8mini","modified_time":"2025-03-23T21:03:35Z","import_time":"2025-12-02T23:07:18.828841981Z"},{"source":"kam193","sha256":"68e19b0d45f92b02ef259a281ccb9a76766b7aea9c7edec8adf8393fa59650a5","versions":["0.1","0.1.1","1.1.1","1.2.1","1.3.1","1.4.1","2.0.1","2.1.1","2.2.1","2.3.1"],"id":"pypi/2025-03-yolov8mini/yolov8mini","modified_time":"2025-03-23T21:03:35Z","import_time":"2025-12-10T21:38:57.997427922Z"},{"source":"reversing-labs","sha256":"ad099f2f31ac262b494a75650849dc9704229bddd64a022050034107c55fb8a6","id":"RLUA-2026-00941","modified_time":"2026-03-18T12:20:49Z","import_time":"2026-03-19T12:20:45.285725144Z"},{"source":"reversing-labs","sha256":"6863dc3f3b79bbe20284e48253503154e8f1ec8793b2c77b0a0bd523d4647520","versions":["1.3.1","2.1.1","0.1.1","1.1.1","1.2.1","1.4.1","2.2.1","2.3.1","2.0.1"],"id":"RLUA-2026-02086","modified_time":"2026-04-16T10:28:01Z","import_time":"2026-04-16T15:39:36.820128039Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/yolov8mini"}],"affected":[{"package":{"name":"yolov8mini","ecosystem":"PyPI","purl":"pkg:pypi/yolov8mini"},"versions":["0.1","0.1.1","1.1.1","1.2.1","1.3.1","1.4.1","2.0.1","2.1.1","2.2.1","2.3.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/yolov8mini/MAL-2025-3484.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}