{"id":"MAL-2025-4204","summary":"Malicious code in aiolitesql (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (1ef59c4a17296925677ec69703d25a3bd0541eb1c20eba25b0bc6918e908ddcf)\nClone of aiosqlite with hidden exfiltration of selected data during \"executeall\" query (see L59-97)\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-04-aiolitesql\n\n\nReasons (based on the campaign):\n\n\n - clones-real-package\n\n\n - action-hidden-in-lib-usage\n\n\n - exfiltration-generic\n","modified":"2026-03-19T12:49:58.256200Z","published":"2025-04-22T10:29:14Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-05-22T14:06:33.936898798Z","id":"RLMA-2025-02554","source":"reversing-labs","modified_time":"2025-05-22T12:33:24Z","versions":["0.21.0"],"sha256":"9f1d03b22c82a2f552bfae78156e92810cb6971f0d90ab6b5685648d28e6b4f9"},{"import_time":"2025-12-02T22:30:54.892104591Z","id":"pypi/2025-04-aiolitesql/aiolitesql","source":"kam193","modified_time":"2025-04-22T10:29:14Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"sha256":"913fc8c1447ef4439ff61c2d467fbfa81ac8e8c369ddd9e5b0fde12e4cddfebf"},{"import_time":"2025-12-02T23:07:17.936016392Z","id":"pypi/2025-04-aiolitesql/aiolitesql","source":"kam193","modified_time":"2025-04-22T10:29:14Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"sha256":"1ef59c4a17296925677ec69703d25a3bd0541eb1c20eba25b0bc6918e908ddcf"},{"import_time":"2025-12-10T21:38:57.243306148Z","id":"pypi/2025-04-aiolitesql/aiolitesql","source":"kam193","modified_time":"2025-04-22T10:29:14Z","versions":["0.21.0"],"sha256":"09640699c88bf76e5f43e8add0b06d3e63dc46a6a3c4b929da19088b3ea925fe"},{"import_time":"2026-03-19T12:19:20.948907692Z","id":"RLUA-2026-00045","source":"reversing-labs","modified_time":"2026-03-18T12:10:49Z","sha256":"c7eee0832b5f99e093d61821e7cb38a2caa95e6ec1689da63e4667505884b749"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/aiolitesql"}],"affected":[{"package":{"name":"aiolitesql","ecosystem":"PyPI","purl":"pkg:pypi/aiolitesql"},"versions":["0.21.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiolitesql/MAL-2025-4204.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}