{"id":"MAL-2025-939","summary":"Malicious code in kotlin-stdlib-jdk8 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (f217cf2fd34c9cab642b70bd9d778e6ef08a3dfba1954060a29983f2d3e6d47e)\nImporting the module triggers sending out the hostname to the package author. It looks to be a placeholder/pentest activity related to BytedDance.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2024-11-0wn-sh\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n","modified":"2026-03-19T12:54:22.820076Z","published":"2024-11-29T13:03:21Z","database_specific":{"iocs":{"domains":["0wn.sh"]},"malicious-packages-origins":[{"sha256":"358c5b8658e94ee68a9b8cf7816f40f6e20eddb7e39004b89adcbc04ce30b349","import_time":"2025-02-03T18:38:07.047103633Z","source":"reversing-labs","modified_time":"2025-02-03T17:07:31Z","id":"RLMA-2025-00479","versions":["99.1.1"]},{"sha256":"a64de7cff803d4506a8f4ea9b3763238a4fd70d8c429b3d4e05520837e6159d0","import_time":"2025-12-02T22:30:56.155158316Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-11-29T13:03:21Z","id":"pypi/2024-11-0wn-sh/kotlin-stdlib-jdk8"},{"sha256":"f217cf2fd34c9cab642b70bd9d778e6ef08a3dfba1954060a29983f2d3e6d47e","import_time":"2025-12-02T23:07:19.337776749Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","modified_time":"2024-11-29T13:03:21Z","id":"pypi/2024-11-0wn-sh/kotlin-stdlib-jdk8"},{"sha256":"d075f478d2bda3ba78729516ff4ffa8652b844fc1f87dd489b95414f60d9c98d","import_time":"2026-03-19T12:19:57.948981099Z","source":"reversing-labs","modified_time":"2026-03-18T12:15:27Z","id":"RLUA-2026-00457"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/kotlin-stdlib-jdk8"}],"affected":[{"package":{"name":"kotlin-stdlib-jdk8","ecosystem":"PyPI","purl":"pkg:pypi/kotlin-stdlib-jdk8"},"versions":["99.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/kotlin-stdlib-jdk8/MAL-2025-939.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}