{"id":"MAL-2025-48890","summary":"Malicious code in emoted (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (1c1542aa2ac34ff34c8c27bcfa0753cb100f1779f8b6acf274ed21c36866b795)\nObfuscated code contains e.g. capabilities for downloading and executing code from a hardcoded location. It's also recognized as malware\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-10-regixtest\n\n\nReasons (based on the campaign):\n\n\n - obfuscation\n\n\n - action-hidden-in-lib-usage\n\n\n - Downloads and executes a remote malicious script.\n\n\n - malware\n","modified":"2026-03-19T12:52:43.995252Z","published":"2025-10-02T05:41:39Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","id":"RLMA-2025-05209","modified_time":"2025-10-23T19:16:26Z","import_time":"2025-10-27T18:08:49.664101464Z","versions":["0.1.0"],"sha256":"50c0661e38bf7756281e18dac7466731b3ab7dda37af05719a8cf2962500ce8b"},{"source":"kam193","id":"pypi/2025-10-regixtest/emoted","modified_time":"2025-10-02T05:41:39.503672Z","import_time":"2025-12-02T22:30:55.126947029Z","versions":["0.1.0"],"sha256":"4f0be160bd8e43897e24f1f52237f48d19c1783a8586a5b0090dd336ecf4691a"},{"source":"kam193","id":"pypi/2025-10-regixtest/emoted","modified_time":"2025-10-02T05:41:39.503672Z","import_time":"2025-12-02T23:07:18.137742011Z","versions":["0.1.0"],"sha256":"1c1542aa2ac34ff34c8c27bcfa0753cb100f1779f8b6acf274ed21c36866b795"},{"source":"reversing-labs","id":"RLUA-2026-00294","modified_time":"2026-03-18T12:13:32Z","import_time":"2026-03-19T12:19:42.717431709Z","sha256":"03d1a1568763224d371f02ed4dfa7d486de8ec22b5ca0c685c71094960fcfd14"}],"iocs":{"domains":["cxojh-118-179-99-2.a.free.pinggy.link","xnrij-118-179-99-2.a.free.pinggy.link"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/emoted"}],"affected":[{"package":{"name":"emoted","ecosystem":"PyPI","purl":"pkg:pypi/emoted"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/emoted/MAL-2025-48890.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}