{"id":"MAL-2025-41747","summary":"Malicious code in requires-python (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (fa1ee2e2c3ead90338250a60177535b23b5f30016e1d06a5b944092cbc3305e7)\nWhen imported, the package attempts to exfiltrate environment variables and basic user info\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-triple-equals\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n","modified":"2026-03-19T12:56:23.469224Z","published":"2025-07-28T19:00:15Z","database_specific":{"malicious-packages-origins":[{"sha256":"579193d7aae052e05a939ea93ad44f8bd4185886f39e3441c1605a480910269d","modified_time":"2025-08-28T07:11:46Z","import_time":"2025-08-29T06:41:52.200617409Z","source":"reversing-labs","id":"RLMA-2025-04242","versions":["10.0.5"]},{"sha256":"206b3ac96122408ffbbda6deec04c04f185d3c9593c68669bf9ed247fcc7725f","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-07-28T19:00:15.05855Z","import_time":"2025-12-02T22:30:55.543301827Z","source":"kam193","id":"pypi/2025-07-triple-equals/requires-python"},{"sha256":"fa1ee2e2c3ead90338250a60177535b23b5f30016e1d06a5b944092cbc3305e7","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-07-28T19:00:15.05855Z","import_time":"2025-12-02T23:07:18.581977045Z","source":"kam193","id":"pypi/2025-07-triple-equals/requires-python"},{"sha256":"70e608cee8925bfd99294033811eece0e262363e1cfff761207d06d088f959e3","modified_time":"2025-07-28T19:00:15.05855Z","import_time":"2025-12-10T21:38:57.790152305Z","source":"kam193","id":"pypi/2025-07-triple-equals/requires-python","versions":["10.0.5"]},{"sha256":"dd9c6561ae4bdaa27af1e04d70ac63259edbae1186122a0812514b71435b7b35","modified_time":"2026-03-18T12:18:19Z","import_time":"2026-03-19T12:20:23.445635949Z","source":"reversing-labs","id":"RLUA-2026-00716"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/requires-python"}],"affected":[{"package":{"name":"requires-python","ecosystem":"PyPI","purl":"pkg:pypi/requires-python"},"versions":["10.0.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/requires-python/MAL-2025-41747.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}