{"id":"MAL-2025-5118","summary":"Malicious code in m5tlnyakblwa (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (a3cc4be569e877aa213b4747e6285f9d2d46f68ee93d55ec9fddf7949c15ff94)\nImporting the module starts download and running a remote executable, identified as malware by AVs\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-coloramashowtemp \n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n","modified":"2026-03-19T12:54:25.259408Z","published":"2025-05-18T00:05:16Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-06-18T10:15:13Z","sha256":"fb0d231bba9196bcaabe377c41d7f3485bb59ddd07b53471136cfbdaf4b2a77d","source":"reversing-labs","versions":["0.1.0"],"id":"RLMA-2025-03015","import_time":"2025-06-18T15:06:01.637132317Z"},{"modified_time":"2025-05-18T00:05:16Z","sha256":"d7fd0aa4ca1ae5342458145b93fd445ea714e2e95560d10104b94ad7dba08dbf","source":"kam193","id":"pypi/2025-05-coloramashowtemp/m5tlnyakblwa","import_time":"2025-12-02T22:30:55.319699139Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"modified_time":"2025-05-18T00:05:16Z","sha256":"a3cc4be569e877aa213b4747e6285f9d2d46f68ee93d55ec9fddf7949c15ff94","source":"kam193","id":"pypi/2025-05-coloramashowtemp/m5tlnyakblwa","import_time":"2025-12-02T23:07:18.346620024Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"modified_time":"2025-05-18T00:05:16Z","sha256":"6cb39de5e650fb48f116cbd917cdd0bed92f2fbc1acc8fd38d583dce913a5637","source":"kam193","versions":["0.1.0"],"id":"pypi/2025-05-coloramashowtemp/m5tlnyakblwa","import_time":"2025-12-10T21:38:57.579841422Z"},{"modified_time":"2026-03-18T12:15:45Z","sha256":"eb459dc8b9ab85d11c3a117efea9abd9312e374cc032e831d6ef4885f3666d05","source":"reversing-labs","id":"RLUA-2026-00484","import_time":"2026-03-19T12:20:00.621657848Z"}],"iocs":{"urls":["https://raw.githubusercontent.com/s7bhme/gg/refs/heads/main/x69gg.exe","https://github.com/s7bhme/gg/raw/refs/heads/main/x69gg.exe","https://github.com/s7bhme/sada/raw/refs/heads/main/x69.exe"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/m5tlnyakblwa"}],"affected":[{"package":{"name":"m5tlnyakblwa","ecosystem":"PyPI","purl":"pkg:pypi/m5tlnyakblwa"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/m5tlnyakblwa/MAL-2025-5118.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}