{"id":"MAL-2025-6598","summary":"Malicious code in syscachelib (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (c8aa87f03342830d082dcfd87dfce0528b19781902f9c9e56a7379046d8a1572)\nImporting the module starts a UAC bypass through fodhelper to run a privileged shell, and download and execute a remote file.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-06-syscachelib\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-03-19T12:57:13.502611Z","published":"2025-06-17T06:40:46Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-07-31T19:16:40Z","source":"reversing-labs","import_time":"2025-08-01T10:07:14.216496533Z","id":"RLMA-2025-03697","versions":["0.1.0"],"sha256":"9439421074301faa201d8a700cc7c6a9b3e3a158c495b3653c518eea4873374e"},{"modified_time":"2025-06-17T06:40:46Z","source":"kam193","import_time":"2025-12-02T22:30:55.620419522Z","id":"pypi/2025-06-syscachelib/syscachelib","sha256":"15f8ac921b946afdd64e282531a4b3facd26e0ab054a2623c06ae45b2427e33b","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"modified_time":"2025-06-17T06:40:46Z","source":"kam193","import_time":"2025-12-02T23:07:18.661235237Z","id":"pypi/2025-06-syscachelib/syscachelib","sha256":"c8aa87f03342830d082dcfd87dfce0528b19781902f9c9e56a7379046d8a1572","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"modified_time":"2025-06-17T06:40:46Z","source":"kam193","import_time":"2025-12-10T21:38:57.849757308Z","id":"pypi/2025-06-syscachelib/syscachelib","versions":["0.1.0"],"sha256":"52bff373c7a386ec56b7af2e25df2663e33239505b905f7afba7425da40d1c1b"},{"modified_time":"2026-03-18T12:19:11Z","source":"reversing-labs","import_time":"2026-03-19T12:20:31.149813812Z","id":"RLUA-2026-00793","sha256":"192b5d9ba2c47356235831260dcb41d5d7191e2ba844b436421e2e92dedb0abd"}],"iocs":{"urls":["https://pixeldrain.com/api/file/W9GvXEhE?download"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/syscachelib"}],"affected":[{"package":{"name":"syscachelib","ecosystem":"PyPI","purl":"pkg:pypi/syscachelib"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/syscachelib/MAL-2025-6598.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}