{"id":"MAL-2025-6566","summary":"Malicious code in piprce (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (d83838279a89d5ade01981d993fcc70a555a562945268ccfc8f770a21910f55c)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:55:28.713407Z","published":"2024-07-26T16:53:30Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-08-01T10:07:13.210037469Z","versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.8.5","0.1.8.6","0.1.8.7","0.1.8.8","0.1.8.9","0.1.9","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.8.1","0.2.8.2","0.2.8.3","0.2.8.4","0.2.8.5","0.2.8.6","0.2.8.7","0.2.8.8","0.2.9","0.3.0","0.3.1"],"modified_time":"2025-07-31T19:16:03Z","source":"reversing-labs","sha256":"e54943ea82bd9a9f07dcb01624d50f4dcf7a287ce025e79a382f4989f7913a01","id":"RLMA-2025-03663"},{"import_time":"2025-12-02T22:30:56.299098342Z","source":"kam193","modified_time":"2024-07-26T16:53:30Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"sha256":"994309f7bb5c72d472446d67c9de59003e8d7c3c447421d66b1153f4656a4f48","id":"pypi/GENERIC-standard-pypi-install-pentest/piprce"},{"import_time":"2025-12-02T23:07:19.487281302Z","source":"kam193","modified_time":"2024-07-26T16:53:30Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"sha256":"d83838279a89d5ade01981d993fcc70a555a562945268ccfc8f770a21910f55c","id":"pypi/GENERIC-standard-pypi-install-pentest/piprce"},{"import_time":"2025-12-10T21:38:58.602749119Z","versions":["0.0.6","0.1.3","0.0.1","0.0.2","0.0.3","0.0.7","0.0.8","0.0.9","0.1.0","0.1.1","0.1.2","0.1.4","0.1.6","0.1.7","0.1.8","0.1.8.5","0.1.8.6","0.1.8.7","0.1.8.8","0.1.8.9","0.1.9","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8.2","0.2.8","0.2.8.1","0.2.8.3","0.2.8.4","0.2.8.8","0.2.8.5","0.2.8.7","0.2.8.6","0.2.9","0.3.0","0.3.1"],"modified_time":"2024-07-26T16:53:30Z","source":"kam193","sha256":"3a503af7229bedfc7e89e845d8cccdc5e77f3ec755e47ef9bcc022957390d50c","id":"pypi/GENERIC-standard-pypi-install-pentest/piprce"},{"import_time":"2025-12-30T22:39:04.328711805Z","versions":["0.0.1","0.0.2","0.0.3","0.0.6","0.0.7","0.0.8","0.0.9","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.6","0.1.7","0.1.8","0.1.8.5","0.1.8.6","0.1.8.7","0.1.8.8","0.1.8.9","0.1.9","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.8.1","0.2.8.2","0.2.8.3","0.2.8.4","0.2.8.5","0.2.8.6","0.2.8.7","0.2.8.8","0.2.9","0.3.0","0.3.1"],"modified_time":"2024-07-26T16:53:30Z","source":"kam193","sha256":"fc71afc121f45abcefb77ff96429b65253cd1b7a94377602cfaa9b05d03f54b6","id":"pypi/GENERIC-standard-pypi-install-pentest/piprce"},{"import_time":"2026-03-19T12:20:12.499963191Z","modified_time":"2026-03-18T12:16:58Z","source":"reversing-labs","sha256":"48c89ddb060a1f78616d485d9728011dc9b11aa6529ae2f8fd6b44502905f74d","id":"RLUA-2026-00595"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/piprce"}],"affected":[{"package":{"name":"piprce","ecosystem":"PyPI","purl":"pkg:pypi/piprce"},"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.8.5","0.1.8.6","0.1.8.7","0.1.8.8","0.1.8.9","0.1.9","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.8.1","0.2.8.2","0.2.8.3","0.2.8.4","0.2.8.5","0.2.8.6","0.2.8.7","0.2.8.8","0.2.9","0.3.0","0.3.1","0.1.6","0.1.7","0.1.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/piprce/MAL-2025-6566.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}