{"id":"MAL-2025-48892","summary":"Malicious code in hackerone-app-sdk (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:53:36.016758Z","published":"2025-09-17T15:17:50Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2025-05211","source":"reversing-labs","versions":["0.18.0","0.19.1"],"modified_time":"2025-10-23T19:16:33Z","import_time":"2025-10-27T18:08:49.774942659Z","sha256":"afbe6bddcd85abd24300f735ee11fffa58ee409b2d1297033700b8050ac28bc2"},{"id":"pypi/GENERIC-standard-pypi-install-pentest/hackerone-app-sdk","source":"kam193","versions":["0.19.1","0.18.0","0.17.0"],"modified_time":"2025-09-17T15:17:50.798404Z","import_time":"2025-12-02T22:30:56.083453369Z","sha256":"ec9f5e3b9a5854f28db5438f9967e21b65574188e6872860ed084132f7a97b71"},{"id":"pypi/GENERIC-standard-pypi-install-pentest/hackerone-app-sdk","source":"kam193","versions":["0.19.1","0.18.0","0.17.0"],"modified_time":"2025-09-17T15:17:50.798404Z","import_time":"2025-12-02T23:07:19.27326304Z","sha256":"7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66"},{"id":"pypi/GENERIC-standard-pypi-install-pentest/hackerone-app-sdk","source":"kam193","versions":["0.17.0","0.18.0","0.19.1"],"modified_time":"2025-09-17T15:17:50.798404Z","import_time":"2025-12-30T22:39:04.293894556Z","sha256":"0cfb46a3c4d57362d8cae555161436c78a9dc673c0daeae0b501faa5c248eca4"},{"id":"RLUA-2026-00372","source":"reversing-labs","modified_time":"2026-03-18T12:14:28Z","import_time":"2026-03-19T12:19:50.265140195Z","sha256":"194f5dc3a4b9a652fe0db796a81814f5fbbb5e69b8b96bf8572ad813e9f7c484"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/hackerone-app-sdk"}],"affected":[{"package":{"name":"hackerone-app-sdk","ecosystem":"PyPI","purl":"pkg:pypi/hackerone-app-sdk"},"versions":["0.18.0","0.19.1","0.17.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hackerone-app-sdk/MAL-2025-48892.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}