{"id":"MAL-2025-6471","summary":"Malicious code in bulktweetplus (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (3f66a670d67e37fec4746d5aaf53be9e2f5267c68b667f1becdb55f8d75ce70a)\nUsing the function simulates some behavior, but then download and runs an Infostealer\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-06-bulktweetbyref\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n\n\n - infostealer\n","modified":"2026-03-19T12:50:42.677955Z","published":"2025-06-18T05:42:14Z","database_specific":{"malicious-packages-origins":[{"versions":["0.1.0"],"source":"reversing-labs","sha256":"47fb1215e3eeda89cfcc7ad00da4a0180d569339a71a6179b6dbf6a8665ecdb8","modified_time":"2025-07-31T19:14:28Z","import_time":"2025-08-01T10:07:10.148288189Z","id":"RLMA-2025-03556"},{"source":"kam193","sha256":"397afb7be38d5df8c771e8f54a230fe8d2e1f6632fc83039e63c3b7b0eef862b","modified_time":"2025-06-18T05:42:14Z","import_time":"2025-12-02T22:30:55.022556969Z","id":"pypi/2025-06-bulktweetbyref/bulktweetplus","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"source":"kam193","sha256":"3f66a670d67e37fec4746d5aaf53be9e2f5267c68b667f1becdb55f8d75ce70a","modified_time":"2025-06-18T05:42:14Z","import_time":"2025-12-02T23:07:18.039263276Z","id":"pypi/2025-06-bulktweetbyref/bulktweetplus","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"versions":["0.1.0"],"source":"kam193","sha256":"2beb52e86cfea789dfd951d11b96b89fd9f427f7360abf39dfc97d4573e53f29","modified_time":"2025-06-18T05:42:14Z","import_time":"2025-12-10T21:38:57.33182516Z","id":"pypi/2025-06-bulktweetbyref/bulktweetplus"},{"source":"reversing-labs","sha256":"c178a4cc400029c1d6f19a3e844cf30d35b52a2d302f08211bbe6d91b4290d91","modified_time":"2026-03-18T12:12:06Z","import_time":"2026-03-19T12:19:31.017185289Z","id":"RLUA-2026-00162"}],"iocs":{"urls":["https://github.com/kokochatgpcod/akaak/releases/download/nothinfgg/allinone.exe"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/bulktweetplus"}],"affected":[{"package":{"name":"bulktweetplus","ecosystem":"PyPI","purl":"pkg:pypi/bulktweetplus"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bulktweetplus/MAL-2025-6471.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}