{"id":"MAL-2025-47746","summary":"Malicious code in awesome-tools-collection (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (1b8c27c2c5512bcb412c63a9e5ab3a392cb21f8ff51f281d8e7ac73a08929abb)\nInstalling packages exfiltrates data (different in different packages and versions) or run revshells\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-08-learning-pypi-demo-nisimi\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.\n\n\n - exfiltration-generic\n","modified":"2026-03-19T12:50:52.332136Z","published":"2025-09-03T15:52:43Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","sha256":"fdf85e89ad8e719ea161ef629b069744f958239bc89f4b0131ecd641a7fe37d7","import_time":"2025-09-26T11:05:31.210259668Z","versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6"],"modified_time":"2025-09-26T09:13:44Z","id":"RLMA-2025-04745"},{"source":"kam193","sha256":"88262de451d7eb0b85f040386be49fbed3622a503eed18d3e2af1d8d91921afd","import_time":"2025-12-02T22:30:54.958411806Z","versions":["0.1.5","0.1.4","0.1.3","0.1.2","0.1.1","0.1.0","0.1.2","0.1.4","0.1.5","0.1.6"],"modified_time":"2025-09-03T15:57:26.910464Z","id":"pypi/2025-08-learning-pypi-demo-nisimi/awesome-tools-collection"},{"source":"kam193","sha256":"1b8c27c2c5512bcb412c63a9e5ab3a392cb21f8ff51f281d8e7ac73a08929abb","import_time":"2025-12-02T23:07:17.998755429Z","versions":["0.1.5","0.1.4","0.1.3","0.1.2","0.1.1","0.1.0","0.1.2","0.1.4","0.1.5","0.1.6"],"modified_time":"2025-09-03T15:57:26.910464Z","id":"pypi/2025-08-learning-pypi-demo-nisimi/awesome-tools-collection"},{"source":"kam193","sha256":"35787e4b8050da40f613d4d0741f82f0793388b360393758954c6ae6f0d406d3","import_time":"2025-12-30T22:39:04.043480333Z","versions":["0.1.0","0.1.1","0.1.2","0.1.2","0.1.3","0.1.4","0.1.4","0.1.5","0.1.5","0.1.6"],"modified_time":"2025-09-03T15:57:26.910464Z","id":"pypi/2025-08-learning-pypi-demo-nisimi/awesome-tools-collection"},{"source":"reversing-labs","sha256":"506219c146fcc0f77e004675ffc2d6aae316ea1f3514eda6223ce74de6aade34","import_time":"2026-03-19T12:19:27.76689798Z","modified_time":"2026-03-18T12:11:41Z","id":"RLUA-2026-00126"}],"iocs":{"domains":["evduuu5l01di1hdn9i5qslhxzo5ft6ju8.oastify.com","xz0dyd944kh150h6d199w4lg379yx0lp.oastify.com","v95b8bj2eirzfyr4nzj762ved5jw71vq.oastify.com"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/awesome-tools-collection"}],"affected":[{"package":{"name":"awesome-tools-collection","ecosystem":"PyPI","purl":"pkg:pypi/awesome-tools-collection"},"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/awesome-tools-collection/MAL-2025-47746.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}