{"id":"MAL-2025-6460","summary":"Malicious code in babel-preset-current-node-syntax (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (227436e7c8f26da0ff88db12bd9102d85f9f596cf495b6e9192c634d275a5686)\nGeneric campaign for all (likely) research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: GENERIC-questionable-pentest\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - exfiltration-generic\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - typosquatting\n","modified":"2026-03-19T12:50:56.847480Z","published":"2024-09-06T11:29:16Z","database_specific":{"malicious-packages-origins":[{"sha256":"43f6cb319ca0835689fd03f2d2f7a9e27baff475faaeebefbf76d08b7f80dfbe","modified_time":"2025-07-31T19:14:18Z","import_time":"2025-08-01T10:07:09.782114646Z","source":"reversing-labs","id":"RLMA-2025-03545","versions":["2.1.1"]},{"sha256":"f6857c9d628c7ca66d782db1646baaa5cbc6170ea914beac846c7572bfb07cdd","modified_time":"2024-09-06T11:29:16Z","import_time":"2025-12-02T22:30:54.964881638Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/GENERIC-questionable-pentest/babel-preset-current-node-syntax"},{"sha256":"227436e7c8f26da0ff88db12bd9102d85f9f596cf495b6e9192c634d275a5686","modified_time":"2024-09-06T11:29:16Z","import_time":"2025-12-02T23:07:18.003059253Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/GENERIC-questionable-pentest/babel-preset-current-node-syntax"},{"sha256":"1eb3de37b04cf075b9535570800e665e132e0c40c1b59bdfbf8c4e9375a78fa5","modified_time":"2024-09-06T11:29:16Z","import_time":"2025-12-10T21:38:57.304733787Z","source":"kam193","id":"pypi/GENERIC-questionable-pentest/babel-preset-current-node-syntax","versions":["2.1.1"]},{"sha256":"495ad126b322f1d6b89bfbc8ca9caf11403c5554271fe178c18776d07cd8718f","modified_time":"2026-03-18T12:11:45Z","import_time":"2026-03-19T12:19:28.317383025Z","source":"reversing-labs","id":"RLUA-2026-00133"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/babel-preset-current-node-syntax"}],"affected":[{"package":{"name":"babel-preset-current-node-syntax","ecosystem":"PyPI","purl":"pkg:pypi/babel-preset-current-node-syntax"},"versions":["2.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/babel-preset-current-node-syntax/MAL-2025-6460.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}