{"id":"MAL-2025-48895","summary":"Malicious code in netkit-lite (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b4f77a4b324adb21fdeb5020c213d4ad7d72eefe9f26ee0c134a1cc8544255e9)\nProject is intended only for presenting dependency confusion and exfiltrates basic data\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2025-09-netkit-lite\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - dependency-confusion\n","modified":"2026-03-19T12:55:14.356745Z","published":"2025-09-26T15:42:58Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-10-23T19:16:47Z","id":"RLMA-2025-05214","sha256":"feb61821989927e7156257d8b89badf1f03c6c4f24a236aeb2aa9ab45844e882","import_time":"2025-10-27T18:08:49.947347142Z","versions":["1.2.3"],"source":"reversing-labs"},{"modified_time":"2025-09-26T15:42:58.892909Z","id":"pypi/2025-09-netkit-lite/netkit-lite","sha256":"324bb467c36fadba778ec46019bdeaf8b0aa0795b3afb476c9432173715ca36a","import_time":"2025-12-02T22:30:56.234765187Z","versions":["1.3.2","1.3.1","1.3.0","1.2.9","1.2.8","1.2.7","1.2.6","1.2.5","1.2.4","1.2.3"],"source":"kam193"},{"modified_time":"2025-09-26T15:42:58.892909Z","id":"pypi/2025-09-netkit-lite/netkit-lite","sha256":"b4f77a4b324adb21fdeb5020c213d4ad7d72eefe9f26ee0c134a1cc8544255e9","import_time":"2025-12-02T23:07:19.421912637Z","versions":["1.3.2","1.3.1","1.3.0","1.2.9","1.2.8","1.2.7","1.2.6","1.2.5","1.2.4","1.2.3"],"source":"kam193"},{"modified_time":"2025-09-26T15:42:58.892909Z","id":"pypi/2025-09-netkit-lite/netkit-lite","sha256":"7aefe226e47fa8aca7fdd054dc15258e068977243a36c39ed74168c2e42955e0","import_time":"2025-12-30T22:39:04.318341995Z","versions":["1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.0","1.3.1","1.3.2"],"source":"kam193"},{"modified_time":"2026-03-18T12:16:26Z","id":"RLUA-2026-00552","sha256":"c88029a30433fdccd9cdba9cde305e2961f2095d5dc7a11f78593a9709f88274","import_time":"2026-03-19T12:20:07.992828627Z","versions":["1.3.0","1.2.6","1.2.5","1.2.9","1.3.2","1.2.8","1.2.4","1.3.1","1.2.7"],"source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/netkit-lite"}],"affected":[{"package":{"name":"netkit-lite","ecosystem":"PyPI","purl":"pkg:pypi/netkit-lite"},"versions":["1.2.3","1.3.2","1.3.1","1.3.0","1.2.9","1.2.8","1.2.7","1.2.6","1.2.5","1.2.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/netkit-lite/MAL-2025-48895.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}