{"id":"MAL-2025-6543","summary":"Malicious code in malimalooo (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (68fa420b0a99cf34a9226a9deb8781219fd54964c91f41a41d2867063a365c32)\nThe only goal of the package is to execute a webhook or a suspicious file during installation.\n\nClosely related to 2025-07-0x9xnx - created after previous packages were quarantined, similar names, similar usage, but no clearly malicious parts.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2025-07-malimalo\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:54:38.184914Z","published":"2025-07-04T11:41:06Z","database_specific":{"malicious-packages-origins":[{"sha256":"d9405b52fce4776f152f3aa76174829a81b8010f8efbd95fd443ef3502d83aa0","id":"RLMA-2025-03639","versions":["0.0.1"],"modified_time":"2025-07-31T19:15:38Z","source":"reversing-labs","import_time":"2025-08-01T10:07:12.469827066Z"},{"sha256":"0086b1c945f925abb4841ddaac355a2bef7dde3299b695868dd0b138dba890a9","id":"pypi/2025-07-malimalo/malimalooo","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-07-04T11:41:06Z","source":"kam193","import_time":"2025-12-02T22:30:56.192455709Z"},{"sha256":"68fa420b0a99cf34a9226a9deb8781219fd54964c91f41a41d2867063a365c32","id":"pypi/2025-07-malimalo/malimalooo","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-07-04T11:41:06Z","source":"kam193","import_time":"2025-12-02T23:07:19.374203164Z"},{"sha256":"85338861b17e51d72ce0d2cb7c05b980d4a80038d202626266d9d959bde94f39","id":"pypi/2025-07-malimalo/malimalooo","versions":["0.0.1"],"modified_time":"2025-07-04T11:41:06Z","source":"kam193","import_time":"2025-12-10T21:38:58.500031927Z"},{"sha256":"073870648c5addedef27c775d4122175d743660d0b32cc6de96af943c74f221c","id":"RLUA-2026-00491","modified_time":"2026-03-18T12:15:49Z","source":"reversing-labs","import_time":"2026-03-19T12:20:01.372861421Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/malimalooo"}],"affected":[{"package":{"name":"malimalooo","ecosystem":"PyPI","purl":"pkg:pypi/malimalooo"},"versions":["0.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/malimalooo/MAL-2025-6543.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}