{"id":"MAL-2025-6524","summary":"Malicious code in initer (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (d2aac1e40660cbe4323a93d03087f3b9a2d596a5dcfcf2bae3cb0a2ab37cf646)\nFile is designed to download, hide under system-like name, and run a remote executable, widely identified as malicious.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-pyiniter\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-03-19T12:54:04.564783Z","published":"2025-05-09T20:14:13Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-07-31T19:15:20Z","import_time":"2025-08-01T10:07:11.848733674Z","source":"reversing-labs","id":"RLMA-2025-03617","versions":["0.2.1","0.2.2","0.2.5","0.2.6"],"sha256":"d861b2940416441d955f0078fd9ba3c35223bfce822fc68aea70992eaeff8ef1"},{"modified_time":"2025-05-09T20:14:13Z","import_time":"2025-12-02T22:30:55.272800406Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/2025-05-pyiniter/initer","sha256":"f45885faecd0182d82ca81d8adaf52a442b0f493b06eb7b74e8252ab4f009305","source":"kam193"},{"modified_time":"2025-05-09T20:14:13Z","import_time":"2025-12-02T23:07:18.296967663Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"id":"pypi/2025-05-pyiniter/initer","sha256":"d2aac1e40660cbe4323a93d03087f3b9a2d596a5dcfcf2bae3cb0a2ab37cf646","source":"kam193"},{"modified_time":"2025-05-09T20:14:13Z","import_time":"2025-12-10T21:38:57.543740644Z","source":"kam193","id":"pypi/2025-05-pyiniter/initer","versions":["0.2.1","0.2.2","0.2.5","0.2.6"],"sha256":"21397f251ca4fbd591f60ad9a363777197cfd0746788a1c23854abbbe948bb6b"},{"modified_time":"2026-03-18T12:15:03Z","import_time":"2026-03-19T12:19:54.929393922Z","source":"reversing-labs","id":"RLUA-2026-00425","sha256":"c8ee98ac9e79a9222adb2248cc6ed6d4c35f32b5ebe9a3a2b9f68a09b8140606"}],"iocs":{"urls":["https://raw.githubusercontent.com/Sierftgddfgrth/win32dll/main/win32dll.exe"]}},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/fbb53fbf45d3ec579d4273ae95e8c833f12d66a2111633d65edb1e42513addc6"},{"type":"WEB","url":"https://www.virustotal.com/gui/file-analysis/M2YwMDg3ZDUyOWFlZjIxY2RlMTE2ODQwMmJmMmU2MDE6MTc0ODU2MTExMQ=="},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/initer"}],"affected":[{"package":{"name":"initer","ecosystem":"PyPI","purl":"pkg:pypi/initer"},"versions":["0.2.1","0.2.2","0.2.5","0.2.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/initer/MAL-2025-6524.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}