{"id":"MAL-2025-6431","summary":"Malicious code in alpha-booster (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (8fe7614b282cfa81278bc61bde1998e286fe7554c1d37b4c3185718c6e54f6af)\nCode downloads and runs the remote executable. While the current link seems not to work, the previous versions had an embedded infostealer instead.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-discord-booster\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-03-19T12:50:05.746431Z","published":"2025-05-29T22:39:05Z","database_specific":{"iocs":{"domains":["edef4.pcloud.com"]},"malicious-packages-origins":[{"modified_time":"2025-07-31T19:13:55Z","import_time":"2025-08-01T10:07:08.826970817Z","id":"RLMA-2025-03515","source":"reversing-labs","sha256":"98b1011117e418ec81af4a63288e744354e3eff71e3e587a1d07905c0a2871c2","versions":["1.0","1.1","1.2","1.3"]},{"modified_time":"2025-05-29T22:39:05Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T22:30:54.899966257Z","id":"pypi/2025-05-discord-booster/alpha-booster","source":"kam193","sha256":"4e82c59169c5e251a83750ab4b484b1fe04e0d576e49f30ceea9ccafc268d5fb"},{"modified_time":"2025-05-29T22:39:05Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T23:07:17.943665478Z","id":"pypi/2025-05-discord-booster/alpha-booster","source":"kam193","sha256":"8fe7614b282cfa81278bc61bde1998e286fe7554c1d37b4c3185718c6e54f6af"},{"modified_time":"2025-05-29T22:39:05Z","import_time":"2025-12-10T21:38:57.250367311Z","id":"pypi/2025-05-discord-booster/alpha-booster","source":"kam193","sha256":"693579d2cfeb801fd45dcb29a7ecc42dc73ab03cef3e9987c4fa4832706c6c22","versions":["1.0","1.1","1.2","1.3"]},{"modified_time":"2026-03-18T12:10:57Z","import_time":"2026-03-19T12:19:21.944780563Z","id":"RLUA-2026-00060","source":"reversing-labs","sha256":"d4cd20f74541f773862aab8c5b6df87d5bf90eb6bb82cd215ddff6c9d869f416"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/alpha-booster"}],"affected":[{"package":{"name":"alpha-booster","ecosystem":"PyPI","purl":"pkg:pypi/alpha-booster"},"versions":["1.0","1.1","1.2","1.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/alpha-booster/MAL-2025-6431.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}