{"id":"MAL-2025-6570","summary":"Malicious code in pyobfuscation (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (f8e00692944f5cafaa4c7fdb9974554f20629bd4581e2c68baa5f1b0ca675def)\nDuring installation, an executable is downloaded and started. It's been identified to contain Brute Ratel C4 components\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-pyobfuscation\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n\n\n - obfuscation\n","modified":"2026-03-19T12:55:52.208862Z","published":"2025-06-03T19:02:52Z","database_specific":{"malicious-packages-origins":[{"sha256":"4f7751b060181cea4f3b7da11f3306c9057843379d6b0aca2f22afebebf30042","versions":["0.1.0"],"modified_time":"2025-07-31T19:16:08Z","import_time":"2025-08-01T10:07:13.33796067Z","id":"RLMA-2025-03668","source":"reversing-labs"},{"sha256":"058fcd870cd771f9287f8a5004423f12ad7d47f5fce5840eb25c348534fdf6c2","modified_time":"2025-06-03T19:02:52Z","import_time":"2025-12-02T22:30:55.47454259Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"id":"pypi/2025-05-pyobfuscation/pyobfuscation","source":"kam193"},{"sha256":"f8e00692944f5cafaa4c7fdb9974554f20629bd4581e2c68baa5f1b0ca675def","modified_time":"2025-06-03T19:02:52Z","import_time":"2025-12-02T23:07:18.500033421Z","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"id":"pypi/2025-05-pyobfuscation/pyobfuscation","source":"kam193"},{"sha256":"91d282d471eada34f3697e9705cc7be31875eceddefd054edf1a249c1d4a2928","versions":["0.1.0"],"modified_time":"2025-06-03T19:02:52Z","import_time":"2025-12-10T21:38:57.714385306Z","id":"pypi/2025-05-pyobfuscation/pyobfuscation","source":"kam193"},{"sha256":"c5e1f568a3b49a8e9b8f06dff161ba0fdbaf317d85584df26472d1ceb52c04e2","modified_time":"2026-03-18T12:17:32Z","import_time":"2026-03-19T12:20:16.357288005Z","id":"RLUA-2026-00641","source":"reversing-labs"}],"iocs":{"urls":["https://raw.githubusercontent.com/aydendev0/cd4afc0d20c6/refs/heads/main/llama"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pyobfuscation"}],"affected":[{"package":{"name":"pyobfuscation","ecosystem":"PyPI","purl":"pkg:pypi/pyobfuscation"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyobfuscation/MAL-2025-6570.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}