{"id":"MAL-2025-6596","summary":"Malicious code in sqiul83 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (67d309c2d4c740426c07cc17768f6313eebd765242e7e4a63aa04213d21358ea)\nDuring installation of the source package, it attempts to silently download and start a remote executable. At the time of analysis, the downloading link did not work.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-06-sqiul83\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-03-19T12:57:03.741513Z","published":"2025-06-26T22:27:06Z","database_specific":{"malicious-packages-origins":[{"sha256":"50965ee545a6046ec692a3500739f8584d8f7980afc4793e561c07f2eda79122","id":"RLMA-2025-03695","import_time":"2025-08-01T10:07:14.169315994Z","source":"reversing-labs","versions":["1.0"],"modified_time":"2025-07-31T19:16:38Z"},{"sha256":"c814029b088c2f3c40eae7fa25825a2591291fe9b69892dbe3963c9645d3951f","id":"pypi/2025-06-sqiul83/sqiul83","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T22:30:55.612014675Z","source":"kam193","modified_time":"2025-06-26T22:27:06Z"},{"sha256":"67d309c2d4c740426c07cc17768f6313eebd765242e7e4a63aa04213d21358ea","id":"pypi/2025-06-sqiul83/sqiul83","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2025-12-02T23:07:18.651856794Z","source":"kam193","modified_time":"2025-06-26T22:27:06Z"},{"sha256":"dbf605a93475074ca3af17c25463149da08e83159a9d964bf50e0bc23fb60699","id":"pypi/2025-06-sqiul83/sqiul83","import_time":"2025-12-10T21:38:57.841852813Z","source":"kam193","versions":["1.0"],"modified_time":"2025-06-26T22:27:06Z"},{"sha256":"4a13c955892bb0535eba365176c353b4ecfe60d828b3f9fd5210ac7325757884","id":"RLUA-2026-00778","import_time":"2026-03-19T12:20:29.595831432Z","source":"reversing-labs","modified_time":"2026-03-18T12:19:01Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/sqiul83"}],"affected":[{"package":{"name":"sqiul83","ecosystem":"PyPI","purl":"pkg:pypi/sqiul83"},"versions":["1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sqiul83/MAL-2025-6596.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}