{"id":"MAL-2025-6541","summary":"Malicious code in malimalo (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (3b4acdcbd7f8ae1e20019b3c0126a4b5bac73cb07a6bc4c0c3a024bc2a390b34)\nThe only goal of the package is to execute a webhook or a suspicious file during installation.\n\nClosely related to 2025-07-0x9xnx - created after previous packages were quarantined, similar names, similar usage, but no clearly malicious parts.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2025-07-malimalo\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:54:33.413824Z","published":"2025-07-04T11:41:06Z","database_specific":{"malicious-packages-origins":[{"versions":["0.0.1"],"modified_time":"2025-07-31T19:15:37Z","id":"RLMA-2025-03637","sha256":"d8610dcc53f2836495becebaa0c2f2ad2f2e131e44da8c3009517de018410f15","source":"reversing-labs","import_time":"2025-08-01T10:07:12.423123784Z"},{"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-07-04T11:41:06Z","id":"pypi/2025-07-malimalo/malimalo","sha256":"0aa1f8b77438d2568df013c5926cfd65aafa39246c5ec3cf1729e19668a3cf9b","source":"kam193","import_time":"2025-12-02T22:30:56.190737248Z"},{"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-07-04T11:41:06Z","id":"pypi/2025-07-malimalo/malimalo","sha256":"3b4acdcbd7f8ae1e20019b3c0126a4b5bac73cb07a6bc4c0c3a024bc2a390b34","source":"kam193","import_time":"2025-12-02T23:07:19.372195614Z"},{"versions":["0.0.1"],"modified_time":"2025-07-04T11:41:06Z","id":"pypi/2025-07-malimalo/malimalo","sha256":"1ded7a117fd168edf74611ecfeffdaca97e288f63ef851330b803b7ee8aa946d","source":"kam193","import_time":"2025-12-10T21:38:58.498034745Z"},{"modified_time":"2026-03-18T12:15:48Z","id":"RLUA-2026-00489","sha256":"89b290e96aad221856fbd5b8278988cf6a37c0de4b6a2b7a152fe41309f1cc06","source":"reversing-labs","import_time":"2026-03-19T12:20:01.13197545Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/malimalo"}],"affected":[{"package":{"name":"malimalo","ecosystem":"PyPI","purl":"pkg:pypi/malimalo"},"versions":["0.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/malimalo/MAL-2025-6541.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}