{"id":"MAL-2025-41764","summary":"Malicious code in someeebbb (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (0fd59432f228380b77cbfb70e5a776f13b909d7be4b57ce72e270f41ac035ee0)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:57:03.099138Z","published":"2025-07-29T13:47:05Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-08-29T06:41:53.936745217Z","id":"RLMA-2025-04262","modified_time":"2025-08-28T07:11:57Z","versions":["10.0.5"],"sha256":"38b819f00b8e362e65add39defd3562a3215a422770ef9716e3bfcd9e9d98a30","source":"reversing-labs"},{"import_time":"2025-12-02T22:30:56.409675613Z","id":"pypi/GENERIC-standard-pypi-install-pentest/someeebbb","modified_time":"2025-07-29T13:47:05.538982Z","sha256":"bd32e89204a063b5760ff18b4955ef3c66c070595e91b5f19b9d0d816bf1f354","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193"},{"import_time":"2025-12-02T23:07:19.595665852Z","id":"pypi/GENERIC-standard-pypi-install-pentest/someeebbb","modified_time":"2025-07-29T13:47:05.538982Z","sha256":"0fd59432f228380b77cbfb70e5a776f13b909d7be4b57ce72e270f41ac035ee0","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193"},{"import_time":"2025-12-10T21:38:58.70000262Z","id":"pypi/GENERIC-standard-pypi-install-pentest/someeebbb","modified_time":"2025-07-29T13:47:05.538982Z","versions":["10.0.5"],"sha256":"f4a4cbaee28c6326126d8dec4a74dedf3cf8f59e0631aeea5696c037b1bf9f0b","source":"kam193"},{"import_time":"2026-03-19T12:20:29.103599442Z","id":"RLUA-2026-00773","modified_time":"2026-03-18T12:18:58Z","sha256":"4b620243b7a42fbad3d0c66301a1ae7d3ad358d157429725fda8ab161bdc7547","source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/someeebbb"}],"affected":[{"package":{"name":"someeebbb","ecosystem":"PyPI","purl":"pkg:pypi/someeebbb"},"versions":["10.0.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/someeebbb/MAL-2025-41764.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}