{"id":"MAL-2025-970","summary":"Malicious code in requests1 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (8a90fb9bdcfcbdf0996c9b09ca72f9577185947dd235586518b7b30ce3e0a5ff)\nPackages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-simple-tests\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-03-19T12:56:24.840227Z","published":"2024-08-23T22:55:41Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","import_time":"2025-02-03T18:38:08.650301297Z","id":"RLMA-2025-00511","versions":["3.3.3.3"],"sha256":"9d3b8f2e89f181b016255bcaa1f89581634a8b23d8bb21a1bea74faad1109898","modified_time":"2025-02-03T17:07:47Z"},{"source":"kam193","import_time":"2025-12-02T22:30:56.369865874Z","id":"pypi/GENERIC-simple-tests/requests1","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"f6d7802fea36a8a4e8091d0d663eac22ec9dda0e2e4aa8c45ffcb642b46c8de6","modified_time":"2024-08-23T22:55:41Z"},{"source":"kam193","import_time":"2025-12-02T23:07:19.557451524Z","id":"pypi/GENERIC-simple-tests/requests1","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"8a90fb9bdcfcbdf0996c9b09ca72f9577185947dd235586518b7b30ce3e0a5ff","modified_time":"2024-08-23T22:55:41Z"},{"source":"kam193","import_time":"2025-12-10T21:38:58.659996607Z","id":"pypi/GENERIC-simple-tests/requests1","versions":["3.3.3.3"],"sha256":"dda32545a1fdeb694966833861fa82168ff0ae284d3e086640e3a80ad0f626d9","modified_time":"2024-08-23T22:55:41Z"},{"source":"reversing-labs","import_time":"2026-03-19T12:20:22.850097511Z","id":"RLUA-2026-00709","sha256":"405141e96a6a1b2434e2fe0b90ba142b3062367eaf106a03ae3008aff0cb5670","modified_time":"2026-03-18T12:18:15Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/requests1"}],"affected":[{"package":{"name":"requests1","ecosystem":"PyPI","purl":"pkg:pypi/requests1"},"versions":["3.3.3.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/requests1/MAL-2025-970.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}