{"id":"MAL-2025-6552","summary":"Malicious code in my-fun-tools (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (6642f3653e49e0a80b7fadf4c06bc64cba8a1a359772f1c7a668888278348fd6)\nDuring installation, the obfuscated code attempts to insert a modified Python DLL and runs a code.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-06-my-fun-tools\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - obfuscation\n","modified":"2026-03-19T12:55:12.294595Z","published":"2025-06-09T11:26:07Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-08-01T10:07:12.773672815Z","sha256":"f8229907a1c2b8e9a4d1013f6bf6232b3bf902a4b93a2a5750a0b8b95cf18355","id":"RLMA-2025-03649","versions":["0.1.1","0.1.2"],"source":"reversing-labs","modified_time":"2025-07-31T19:15:48Z"},{"import_time":"2025-12-02T22:30:55.350941441Z","sha256":"2b06bd8806e27153d3e50bfa9d87e1de02e33d2dbf117494f1c37cf318f6a253","id":"pypi/2025-06-my-fun-tools/my-fun-tools","modified_time":"2025-06-09T11:26:07Z","source":"kam193","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"import_time":"2025-12-02T23:07:18.381918051Z","sha256":"6642f3653e49e0a80b7fadf4c06bc64cba8a1a359772f1c7a668888278348fd6","id":"pypi/2025-06-my-fun-tools/my-fun-tools","modified_time":"2025-06-09T11:26:07Z","source":"kam193","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}]},{"import_time":"2025-12-10T21:38:57.604620203Z","sha256":"c5bae316cd4e800afec4b840d75d5ff19324781ce4f0a9e754f2784ff6eeabf0","id":"pypi/2025-06-my-fun-tools/my-fun-tools","versions":["0.1.1","0.1.2"],"source":"kam193","modified_time":"2025-06-09T11:26:07Z"},{"import_time":"2026-03-19T12:20:07.603773824Z","sha256":"36c03149cb1df8b6d2546233fe74412f04b4b7a4f45da6b9d3c385b1a2c4b636","id":"RLUA-2026-00547","source":"reversing-labs","modified_time":"2026-03-18T12:16:23Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/my-fun-tools"}],"affected":[{"package":{"name":"my-fun-tools","ecosystem":"PyPI","purl":"pkg:pypi/my-fun-tools"},"versions":["0.1.1","0.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/my-fun-tools/MAL-2025-6552.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}