{"id":"MAL-2025-47801","summary":"Malicious code in svcmanagement (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (7b2d49c3d45535d0e8d20f097496169af472ef9fe2612c83823102820542590e)\nPackage attempts to download an executable and install it as a privileged service. The executable seems to be a modified remote access tool.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-svcmanager\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - backdoor\n","modified":"2026-03-19T12:41:25.661796Z","published":"2025-08-18T16:25:24Z","database_specific":{"malicious-packages-origins":[{"sha256":"1e5b57a4d165914dfba381c5ef944fe583606c020c3f084c93d78ecd1bd4f916","id":"RLMA-2025-04810","versions":["1.0.0"],"import_time":"2025-09-26T11:05:35.927526999Z","source":"reversing-labs","modified_time":"2025-09-26T09:14:37Z"},{"sha256":"03803660ae55a4181ec244422f493a9feae2bdf2f4bd3c37ac6200c0fb779ce5","id":"pypi/2025-07-svcmanager/svcmanagement","versions":["1.0.0"],"import_time":"2025-12-02T22:30:55.618749331Z","source":"kam193","modified_time":"2025-08-18T16:25:24.490353Z"},{"sha256":"7b2d49c3d45535d0e8d20f097496169af472ef9fe2612c83823102820542590e","id":"pypi/2025-07-svcmanager/svcmanagement","versions":["1.0.0"],"import_time":"2025-12-02T23:07:18.659485441Z","source":"kam193","modified_time":"2025-08-18T16:25:24.490353Z"},{"sha256":"7210623651b622208206eed1e2f806d6e3035bba15e8e5e2ccb64b85acc29732","id":"RLUA-2026-00791","import_time":"2026-03-19T12:20:30.971356002Z","source":"reversing-labs","modified_time":"2026-03-18T12:19:10Z"}],"iocs":{"urls":["https://github.com/deshamed/manager/releases/download/love/system_service.exe","https://raw.githubusercontent.com/deshamed/manager/refs/heads/main/version.txt"]}},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/f1bf511ab38a42a2c4c870deb1cd049f56862683471c
b103cb845a134e65d82b?nocache=1"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/svcmanagement"}],"affected":[{"package":{"name":"svcmanagement","ecosystem":"PyPI","purl":"pkg:pypi/svcmanagement"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/svcmanagement/MAL-2025-47801.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}