{"id":"MAL-2025-945","summary":"Malicious code in mkdsli (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (196d1c4dba825b894b1e9708968b33e8f49523a93caa4dd839a05e0637f1716b)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:55:02.121046Z","published":"2024-07-26T16:53:30Z","database_specific":{"malicious-packages-origins":[{"versions":["3.0.0","4.0.0","5.0.0","6.0.0","7.0.0"],"modified_time":"2025-02-03T17:07:33Z","sha256":"b976b55c69dc445d815ae69f940820ea68f3ff0d874d7dd99eb8e11ce4cca6d9","source":"reversing-labs","id":"RLMA-2025-00485","import_time":"2025-02-03T18:38:07.362879438Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2024-07-26T16:53:30Z","sha256":"33eacd088d60e9fa9f48402c32ca441703a9a94da9f78a1116b8ba3ba95132c8","source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/mkdsli","import_time":"2025-12-02T22:30:56.216825984Z"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2024-07-26T16:53:30Z","sha256":"196d1c4dba825b894b1e9708968b33e8f49523a93caa4dd839a05e0637f1716b","source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/mkdsli","import_time":"2025-12-02T23:07:19.400103095Z"},{"versions":["3.0.0","4.0.0","5.0.0","6.0.0","7.0.0"],"modified_time":"2024-07-26T16:53:30Z","sha256":"33c61715e1c2960cf7c7e02c7e235fd55add1d8bad6ee2b4a2168acd8e78aea3","source":"kam193","id":"pypi/GENERIC-standard-pypi-install-pentest/mkdsli","import_time":"2025-12-10T21:38:58.523820141Z"},{"modified_time":"2026-03-18T12:16:08Z","sha256":"b8a7974dd9bd6a36b7c3e3fe685b7d97a0e348b1325131acfb1bd4d5883a3da8","source":"reversing-labs","id":"RLUA-2026-00524","import_time":"2026-03-19T12:20:04.968831032Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/mkdsli"}],"affected":[{"package":{"name":"mkdsli","ecosystem":"PyPI","purl":"pkg:pypi/mkdsli"},"versions":["3.0.0","4.0.0","5.0.0","6.0.0","7.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mkdsli/MAL-2025-945.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}