{"id":"MAL-2025-6213","summary":"Malicious code in donotinstallthisistest6 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (272225f1adba5810796fd9c194041e72e5fcdcc032fa296a701bcc480b37bfcb)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (741b2a11c9667ca67337b8f5c96f2a74f5c0dd58a2da3d904ceb53e83a885203)\nThe OpenSSF Package Analysis project identified 'donotinstallthisistest6' @ 1.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-12-12T20:39:23.816355Z","published":"2025-07-21T20:01:00Z","database_specific":{"malicious-packages-origins":[{"sha256":"741b2a11c9667ca67337b8f5c96f2a74f5c0dd58a2da3d904ceb53e83a885203","source":"ossf-package-analysis","versions":["1.0.0"],"modified_time":"2025-07-21T20:01:00Z","import_time":"2025-07-23T02:44:45.020198772Z"},{"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/donotinstallthisistest6","sha256":"8baab64c209b90e6c2863a6a0cba0cb695baf133071cc90ad8ed22f11b4487ea","modified_time":"2025-07-21T20:22:28.234774Z","import_time":"2025-12-02T22:30:56.002241846Z"},{"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/donotinstallthisistest6","sha256":"272225f1adba5810796fd9c194041e72e5fcdcc032fa296a701bcc480b37bfcb","modified_time":"2025-07-21T20:22:28.234774Z","import_time":"2025-12-02T23:07:19.197656466Z"},{"sha256":"096911c9e9bb1d2a0b716466085ad29e01117f0af09070085a001aec1e1cea07","source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/donotinstallthisistest6","versions":["1.0.0"],"modified_time":"2025-07-21T20:22:28.234774Z","import_time":"2025-12-10T21:38:58.337436944Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/donotinstallthisistest6"}],"affected":[{"package":{"name":"donotinstallthisistest6","ecosystem":"PyPI","purl":"pkg:pypi/donotinstallthisistest6"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/donotinstallthisistest6/MAL-2025-6213.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}