{"id":"MAL-2025-47787","summary":"Malicious code in mevguard (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (46b2aa8c02569ef9c6bab8214553d7af8d7e1c1f3499324654bb30870832f6f5)\nThe obfuscated code provides \"initialize_session\" function that exfiltrates the provided argument.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-09-mevguard\n\n\nReasons (based on the campaign):\n\n\n - action-hidden-in-lib-usage\n\n\n - exfiltration-generic\n\n\n - obfuscation\n","modified":"2026-03-19T12:54:55.321007Z","published":"2025-09-14T13:24:21Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","versions":["0.1.5"],"import_time":"2025-09-26T11:05:34.771542276Z","id":"RLMA-2025-04792","sha256":"7db87052a760fd4771fa88e1ded1e213c9f269d75db556b0ac8caf2c36d9772e","modified_time":"2025-09-26T09:14:16Z"},{"source":"kam193","versions":["0.1.5"],"import_time":"2025-12-02T22:30:55.337524901Z","id":"pypi/2025-09-mevguard/mevguard","sha256":"18d6f63d91515fac38b8dd7d9cbf6e0714839c1eb8cdb464b79b3839c0958dd1","modified_time":"2025-09-14T13:24:21.500575Z"},{"source":"kam193","versions":["0.1.5"],"import_time":"2025-12-02T23:07:18.366603188Z","id":"pypi/2025-09-mevguard/mevguard","sha256":"46b2aa8c02569ef9c6bab8214553d7af8d7e1c1f3499324654bb30870832f6f5","modified_time":"2025-09-14T13:24:21.500575Z"},{"source":"reversing-labs","import_time":"2026-03-19T12:20:04.266471545Z","id":"RLUA-2026-00518","sha256":"867a04c19924731e7a29e9d6d3a3530fcbe5cff0ca7d85fbda4685c184685ab4","modified_time":"2026-03-18T12:16:04Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/mevguard"}],"affected":[{"package":{"name":"mevguard","ecosystem":"PyPI","purl":"pkg:pypi/mevguard"},"versions":["0.1.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mevguard/MAL-2025-47787.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}