{"id":"MAL-2025-41717","summary":"Malicious code in permsupping (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (2dec8af74032aa8a44855e36075b08f5a83aef64962e2c6604e6ecb0b288aa10)\nPackage is prepared to exfiltrate private keys, most probably for Tron cryptocurrency. There is no other purpose of the package\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-08-tronapisync\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-crypto\n","modified":"2026-03-19T12:55:22.358556Z","published":"2025-08-09T13:00:15Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-28T07:11:31Z","id":"RLMA-2025-04212","sha256":"80d9e5da205273efc549849a1ed02b97c731ec9a41dc2ca02794f541c8245e55","source":"reversing-labs","import_time":"2025-08-29T06:41:49.018481054Z","versions":["1.0.0"]},{"sha256":"939d0d2d02d012e4b3c17fee62fd3ebe1991e767717a8f7201ac114303cc4486","id":"pypi/2025-08-tronapisync/permsupping","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","import_time":"2025-12-02T22:30:55.425377843Z","modified_time":"2025-08-09T13:00:15.230786Z"},{"sha256":"2dec8af74032aa8a44855e36075b08f5a83aef64962e2c6604e6ecb0b288aa10","id":"pypi/2025-08-tronapisync/permsupping","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","import_time":"2025-12-02T23:07:18.452358126Z","modified_time":"2025-08-09T13:00:15.230786Z"},{"modified_time":"2025-08-09T13:00:15.230786Z","id":"pypi/2025-08-tronapisync/permsupping","sha256":"a3cf8c231d342c0955a1ec7ff2bb45fd0eb868ea52026ef7712b86f41e05fd58","source":"kam193","import_time":"2025-12-10T21:38:57.667761629Z","versions":["1.0.0"]},{"modified_time":"2026-03-18T12:16:54Z","id":"RLUA-2026-00589","sha256":"213c96ebe5c08e80dceb219f990a8329b3ff35a087d7f36dfb8765ce0fa0d09d","source":"reversing-labs","import_time":"2026-03-19T12:20:11.930453777Z"}],"iocs":{"domains":["tronapipy.sbs"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/permsupping"}],"affected":[{"package":{"name":"permsupping","ecosystem":"PyPI","purl":"pkg:pypi/permsupping"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/permsupping/MAL-2025-41717.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}