{"id":"MAL-2025-6513","summary":"Malicious code in gramapi (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea)\nThe code is automatically starting, calling a Telegram channel with basic info, and waits for remote code to execute\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-puregram\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n","modified":"2026-03-19T12:53:31.112141Z","published":"2025-07-11T22:51:02Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","sha256":"43e09b4c772dcc6f820f6c1d9afa45843094d16166b4544dd21598a65f9713a0","modified_time":"2025-07-31T19:15:09Z","import_time":"2025-08-01T10:07:11.449674325Z","id":"RLMA-2025-03604","versions":["1.0.0","1.0.2","1.0.3"]},{"source":"kam193","sha256":"6c159a05f62456f5baab74fe6eb262de26bc0197e4dc716998acbd314a09c4ff","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-07-11T22:51:02.720963Z","import_time":"2025-12-02T22:30:55.226155343Z","id":"pypi/2025-07-puregram/gramapi"},{"source":"kam193","sha256":"2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-07-11T22:51:02.720963Z","import_time":"2025-12-02T23:07:18.246427699Z","id":"pypi/2025-07-puregram/gramapi"},{"source":"kam193","sha256":"449b726b8d94155052c2ea096db2129fb5a6d3408dad3992d352fb621d814c60","modified_time":"2025-07-11T22:51:02.720963Z","import_time":"2025-12-10T21:38:57.512082771Z","id":"pypi/2025-07-puregram/gramapi","versions":["1.0.0","1.0.3","1.0.2"]},{"source":"kam193","sha256":"a930516836313a3b8bacb726092701de52a88eb261565c2eb3e72328c4772aec","modified_time":"2025-07-11T22:51:02.720963Z","import_time":"2025-12-30T22:39:04.090751432Z","id":"pypi/2025-07-puregram/gramapi","versions":["1.0.0","1.0.2","1.0.3"]},{"source":"reversing-labs","sha256":"edbfccfc49a6f27380df3798cfcf8f53df0abc2f38d85818668e2b765bf380dc","modified_time":"2026-03-18T12:14:21Z","import_time":"2026-03-19T12:19:49.147225032Z","id":"RLUA-2026-00362"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/gramapi"}],"affected":[{"package":{"name":"gramapi","ecosystem":"PyPI","purl":"pkg:pypi/gramapi"},"versions":["1.0.0","1.0.2","1.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/gramapi/MAL-2025-6513.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}