{"schema_version":"1.7.5","id":"MAL-2025-191628","published":"2025-10-19T16:31:21Z","modified":"2026-03-19T12:53:36.205242Z","summary":"Malicious code in hamurico (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (ae32a191b8b917707be1b631c022a7ffbc889b84937dc71700a0d6f589b65ad2)\nPackages that either reports home installation, simulate malicious activity or imitate Roblox API wrapper.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2025-10-wangzhou183\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","affected":[{"package":{"name":"hamurico","ecosystem":"PyPI","purl":"pkg:pypi/hamurico"},"versions":["0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hamurico/MAL-2025-191628.json"}}],"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/hamurico"}],"database_specific":{"iocs":{"urls":["https://discord.com/api/webhooks/1429446372410654800/CmzQaPJypMtuap4BqDzebkFZfSTVJoFRjj1UGfL_MZ1f7zTagpa5QkgAVC_WOVTA3CMV"]},"malicious-packages-origins":[{"id":"RLMA-2025-05597","import_time":"2025-12-02T09:09:36.84641351Z","modified_time":"2025-12-01T12:54:23Z","sha256":"c3921036d42829dcedb7405f7556216d954edc9c25c69068221c78d43fde887b","source":"reversing-labs","versions":["0.1"]},{"id":"pypi/2025-10-wangzhou183/hamurico","import_time":"2025-12-02T22:30:56.086939184Z","modified_time":"2025-10-19T16:31:21.432698Z","sha256":"2e78810e79974e248ac22833227c9f06afbc49b50e2e00243236e24b11bb7a3a","source":"kam193","versions":["0.1"]},{"id":"pypi/2025-10-wangzhou183/hamurico","import_time":"2025-12-02T23:07:19.276252624Z","modified_time":"2025-10-19T16:31:21.432698Z","sha256":"ae32a191b8b917707be1b631c022a7ffbc889b84937dc71700a0d6f589b65ad2","source":"kam193","versions":["0.1"]},{"id":"RLUA-2026-00376","import_time":"2026-03-19T12:19:50.723117201Z","modified_time":"2026-03-18T12:14:30Z","sha256":"2309b69c4d1d74c43f19a3ddeb927a697a35100d54e33ade7e1a649c65c1449c","source":"reversing-labs"}]},"credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}