{"id":"MAL-2025-5656","summary":"Malicious code in malinssx (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (ec1d3e0940a3c37917b528689547d3728f9f3d0b9e408acc7dcc67435c09d2b0)\nThe only goal of the package is to execute a webhook or a suspicious file during installation.\n\nClosely related to 2025-07-0x9xnx - created after previous packages were quarantined, similar names, similar usage, but no clearly malicious parts.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2025-07-malimalo\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (3d92abafc09cf0f7dc822d1020b48ae9cef15a8844d75ec034e30a49af7de3f4)\nThe OpenSSF Package Analysis project identified 'malinssx' @ 0.0.1 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-12-12T20:43:57.696299Z","published":"2025-07-04T11:03:06Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-07-08T05:39:10.413724901Z","versions":["0.0.1"],"sha256":"3d92abafc09cf0f7dc822d1020b48ae9cef15a8844d75ec034e30a49af7de3f4","source":"ossf-package-analysis","modified_time":"2025-07-04T11:03:06Z"},{"import_time":"2025-08-01T10:07:12.505891354Z","versions":["0.0.1"],"sha256":"2afe87b7a6471b1348b91836990a415db226b9d0a1e5235335dcf2be39ae463e","id":"RLMA-2025-03640","source":"reversing-labs","modified_time":"2025-07-31T19:15:39Z"},{"import_time":"2025-12-02T22:30:56.193339341Z","sha256":"6500e2c0d9c4841404e0518a1fe4e23f8eced03e773be53e46756b00da876f74","source":"kam193","id":"pypi/2025-07-malimalo/malinssx","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-07-04T11:41:06Z"},{"import_time":"2025-12-02T23:07:19.37531331Z","sha256":"ec1d3e0940a3c37917b528689547d3728f9f3d0b9e408acc7dcc67435c09d2b0","source":"kam193","id":"pypi/2025-07-malimalo/malinssx","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-07-04T11:41:06Z"},{"import_time":"2025-12-10T21:38:58.501125064Z","versions":["0.0.1"],"sha256":"da25513446adec2808388febdd965ed96d11c7563841b371c8d2fbe7788e5db4","id":"pypi/2025-07-malimalo/malinssx","source":"kam193","modified_time":"2025-07-04T11:41:06Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/malinssx"}],"affected":[{"package":{"name":"malinssx","ecosystem":"PyPI","purl":"pkg:pypi/malinssx"},"versions":["0.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/malinssx/MAL-2025-5656.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}