{"id":"MAL-2025-41770","summary":"Malicious code in supersafepackage (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (3b979e1e2520c4f9d07507acc8182830203309adcb9932103a475d3e23e0de3f)\nGeneric campaign for all (likely) research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: GENERIC-questionable-pentest\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - exfiltration-generic\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - typosquatting\n","modified":"2026-03-19T12:57:10.565824Z","published":"2025-08-02T20:21:46Z","database_specific":{"malicious-packages-origins":[{"sha256":"f6709afd6737a8fc0f2e904caf6cb6d52bac0e987d1db631c572351b76840136","import_time":"2025-08-29T06:41:54.575278038Z","versions":["3.0.0","3.0.5","3.0.6","4.0.0","4.0.1","5.0.0","6.0.0","6.0.1"],"modified_time":"2025-08-28T07:12:00Z","id":"RLMA-2025-04268","source":"reversing-labs"},{"sha256":"e363bbd8e62f9255c8bac406b6190a9dd2f42c103db8dd0824518ef14f363f6f","import_time":"2025-12-02T22:30:55.61721354Z","modified_time":"2025-08-02T20:21:46.685393Z","id":"pypi/GENERIC-questionable-pentest/supersafepackage","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193"},{"sha256":"3b979e1e2520c4f9d07507acc8182830203309adcb9932103a475d3e23e0de3f","import_time":"2025-12-02T23:07:18.657719706Z","modified_time":"2025-08-02T20:21:46.685393Z","id":"pypi/GENERIC-questionable-pentest/supersafepackage","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193"},{"sha256":"4db3e8dcb86b07384aa9fd4286f4f7c8d75994d911844e7a2f419521ef4c5a06","import_time":"2025-12-10T21:38:57.847893023Z","versions":["2.0.0","3.0.0","3.0.1","3.0.5","3.0.6","4.0.0","4.0.1","5.0.0","6.0.0","6.0.1"],"modified_time":"2025-08-02T20:21:46.685393Z","id":"pypi/GENERIC-questionable-pentest/supersafepackage","source":"kam193"},{"sha256":"9bfd96a08f3373eb4c871b21b9624939db092b80e4a57d67dd34352b9d5c50de","import_time":"2026-03-19T12:20:30.600253132Z","modified_time":"2026-03-18T12:19:09Z","id":"RLUA-2026-00789","source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/supersafepackage"}],"affected":[{"package":{"name":"supersafepackage","ecosystem":"PyPI","purl":"pkg:pypi/supersafepackage"},"versions":["3.0.0","3.0.5","3.0.6","4.0.0","4.0.1","5.0.0","6.0.0","6.0.1","2.0.0","3.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/supersafepackage/MAL-2025-41770.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}