{"id":"MAL-2025-4230","summary":"Malicious code in pydoxing (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (52e0861f6664f547a0cc13ab9b6aea123213946a49bbdc341e15be6ff6d53b61)\nPackage contains a known Blank Grabber infostealer that starts on importing the module\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-pydoxing\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - exfiltration-generic\n\n\n - obfuscation\n\n\n - exfiltration-browser-data\n\n\n - infostealer:blankgrabber\n","modified":"2026-03-19T12:55:44.276956Z","published":"2025-05-02T17:48:22Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","id":"RLMA-2025-02587","sha256":"3b29aba853b42e70b814429d2056e0d084e4763533486dea328005bf61f5c4b4","modified_time":"2025-05-22T12:33:41Z","import_time":"2025-05-22T14:06:36.776774176Z","versions":["8.8.8","8.8.9","8.9.0","8.9.1","8.9.2"]},{"source":"kam193","sha256":"b2fc5beedda0d6bc149cca5df110c9c87ddba5753ce31ab33206cf4fbb5a0f11","id":"pypi/2025-05-pydoxing/pydoxing","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-05-02T17:48:22Z","import_time":"2025-12-02T22:30:55.462364876Z"},{"source":"kam193","sha256":"52e0861f6664f547a0cc13ab9b6aea123213946a49bbdc341e15be6ff6d53b61","id":"pypi/2025-05-pydoxing/pydoxing","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-05-02T17:48:22Z","import_time":"2025-12-02T23:07:18.486743027Z"},{"source":"kam193","id":"pypi/2025-05-pydoxing/pydoxing","sha256":"da6d23d0b5319c7bbdf8c0bacfda214f4dd84e587f0f584741310b9081ec3f3f","modified_time":"2025-05-02T17:48:22Z","import_time":"2025-12-10T21:38:57.701977793Z","versions":["8.8.8","8.8.9","8.9.0","8.9.1","8.9.2"]},{"source":"reversing-labs","id":"RLUA-2026-00629","sha256":"5f504207ca0931b51f528c92885f5fafc5768d16b9d457f81219f5e024967907","modified_time":"2026-03-18T12:17:23Z","import_time":"2026-03-19T12:20:15.198848462Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pydoxing"}],"affected":[{"package":{"name":"pydoxing","ecosystem":"PyPI","purl":"pkg:pypi/pydoxing"},"versions":["8.8.8","8.8.9","8.9.0","8.9.1","8.9.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pydoxing/MAL-2025-4230.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}