{"id":"MAL-2025-5109","summary":"Malicious code in dbgpkg (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2025-12-24T10:29:15.835254Z","published":"2025-06-18T10:15:07Z","database_specific":{"malicious-packages-origins":[{"sha256":"ad7fc7c34738ac07da72b31e5d8da1330359abd80e4c40ff82b91e7893d424c5","versions":["1.3.6","1.3.7","1.3.8"],"modified_time":"2025-06-18T10:15:07Z","source":"reversing-labs","import_time":"2025-06-18T15:06:00.659172012Z","id":"RLMA-2025-03006"},{"sha256":"6f67ae6d5301f7790bed5a84f43fe59211c31d52b053dec034acb1339834d8d4","modified_time":"2025-12-23T08:38:20Z","source":"reversing-labs","import_time":"2025-12-24T10:07:36.477023671Z","id":"RLUA-2025-06559"}]},"references":[{"type":"ARTICLE","url":"https://www.reversinglabs.com/blog/backdoor-implant-discovered-on-pypi-posing-as-debugging-utility"}],"affected":[{"package":{"name":"dbgpkg","ecosystem":"PyPI","purl":"pkg:pypi/dbgpkg"},"versions":["1.3.6","1.3.7","1.3.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dbgpkg/MAL-2025-5109.json"}}],"schema_version":"1.7.3","credits":[{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}