{"schema_version":"1.7.5","id":"MAL-2025-191642","published":"2025-10-19T16:42:33Z","modified":"2026-03-19T12:54:24.216644Z","summary":"Malicious code in kirux189894 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (f147ce226cffa7d6f6b34db801242958dc198c8d18c01cef735b65439dae8678)\nPackage simulates malicious activity during installation and has no other purpose\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: 2025-10-wangzhou183\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","affected":[{"package":{"name":"kirux189894","ecosystem":"PyPI","purl":"pkg:pypi/kirux189894"},"versions":["0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/kirux189894/MAL-2025-191642.json"}}],"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/kirux189894"}],"database_specific":{"iocs":{"urls":["https://discord.com/api/webhooks/1429446372410654800/CmzQaPJypMtuap4BqDzebkFZfSTVJoFRjj1UGfL_MZ1f7zTagpa5QkgAVC_WOVTA3CMV"]},"malicious-packages-origins":[{"id":"RLMA-2025-05613","import_time":"2025-12-02T09:09:37.916027819Z","modified_time":"2025-12-01T12:54:35Z","sha256":"7cb5b563328257581931a74c2c391cf5b3fbbca32c3894a0c7cb4002c48f5471","source":"reversing-labs","versions":["0.1"]},{"id":"pypi/2025-10-wangzhou183/kirux189894","import_time":"2025-12-02T22:30:56.148896192Z","modified_time":"2025-10-19T16:42:33.873455Z","sha256":"a706f83e7abbadbb116431c5616c48433645df5f4feb868daa8b174d9e428b8c","source":"kam193","versions":["0.1"]},{"id":"pypi/2025-10-wangzhou183/kirux189894","import_time":"2025-12-02T23:07:19.332590869Z","modified_time":"2025-10-19T16:42:33.873455Z","sha256":"f147ce226cffa7d6f6b34db801242958dc198c8d18c01cef735b65439dae8678","source":"kam193","versions":["0.1"]},{"id":"RLUA-2026-00454","import_time":"2026-03-19T12:19:57.683858803Z","modified_time":"2026-03-18T12:15:24Z","sha256":"2bf48abe6c512f80de104d3a28f2c32eb056d97d45968946f3fb3d384d984596","source":"reversing-labs"}]},"credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}