MAL-2025-192387

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/do-not-install-this-package-001/MAL-2025-192387.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2025-192387
Published
2025-12-09T09:25:41Z
Modified
2025-12-09T21:51:06.043729Z
Summary
Malicious code in do-not-install-this-package-001 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (27c17335ba5378258efc5d22274e8104e45a493eec51d60d0adbeb9c4f627714)

Generic campaign for all (likely) research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: GENERIC-questionable-pentest

Reasons (based on the campaign):

  • exfiltration-env-variables

  • exfiltration-generic

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • typosquatting

Source: ossf-package-analysis (399ba544f533d013d73525a2e22fbc83c2f4f00ce44c27c15cff9ca8ccaf11de)

The OpenSSF Package Analysis project identified 'do-not-install-this-package-001' @ 0.1.3 (pypi) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2025-12-09T09:39:48.707768508Z",
            "sha256": "399ba544f533d013d73525a2e22fbc83c2f4f00ce44c27c15cff9ca8ccaf11de",
            "versions": [
                "0.1.3"
            ],
            "modified_time": "2025-12-09T09:25:41Z",
            "source": "ossf-package-analysis"
        },
        {
            "import_time": "2025-12-09T10:08:27.498058315Z",
            "sha256": "7249ad6aa9405dfaf9e7fad98da1c2cbc437ce5a803922315fc6d800e6e4283c",
            "versions": [
                "0.1.4"
            ],
            "modified_time": "2025-12-09T09:45:48Z",
            "source": "ossf-package-analysis"
        },
        {
            "import_time": "2025-12-09T11:06:32.658509704Z",
            "sha256": "2f9552a5ebf4c3459256111bab837a49dd05b9d3cf2dae2e7c02390a175ce1a6",
            "versions": [
                "0.1.5"
            ],
            "modified_time": "2025-12-09T11:00:53Z",
            "source": "ossf-package-analysis"
        },
        {
            "import_time": "2025-12-09T12:48:37.541206497Z",
            "sha256": "27c17335ba5378258efc5d22274e8104e45a493eec51d60d0adbeb9c4f627714",
            "versions": [
                "0.1.5",
                "0.1.4",
                "0.1.3"
            ],
            "modified_time": "2025-12-09T11:27:51.797776Z",
            "id": "pypi/GENERIC-questionable-pentest/do-not-install-this-package-001",
            "source": "kam193"
        },
        {
            "import_time": "2025-12-09T20:07:05.292640379Z",
            "sha256": "9c0fe3a3376e6379d81ea6d55c068db9f72a785fc8123f35704e35efe5200b97",
            "versions": [
                "0.1.6"
            ],
            "modified_time": "2025-12-09T20:06:00Z",
            "source": "ossf-package-analysis"
        },
        {
            "import_time": "2025-12-09T21:38:23.440762815Z",
            "sha256": "020d2cade2c23bce047da08607f512130fc03ec69a70a79ec046a1d6a8f91d86",
            "versions": [
                "0.1.5",
                "0.1.4",
                "0.1.3",
                "0.1.6"
            ],
            "modified_time": "2025-12-09T20:27:37.719212Z",
            "id": "pypi/GENERIC-questionable-pentest/do-not-install-this-package-001",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / do-not-install-this-package-001

Package

Name
do-not-install-this-package-001
View open source insights on deps.dev
Purl
pkg:pypi/do-not-install-this-package-001

Affected ranges

Affected versions

0.*

0.1.3
0.1.4
0.1.5
0.1.6