MAL-2024-11594

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ferminet-with-ecp/MAL-2024-11594.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-11594
Published
2024-11-06T18:46:10Z
Modified
2026-03-19T13:02:43.085521Z
Summary
Malicious code in ferminet-with-ecp (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (ee00c3ebd9a9dd393b6184c63072d81baa2ae968a831319453996dcf03d47999)

A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the username to the package author. There is no other purpose of the package.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-11-byted-dast

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • typosquatting

  • dependency-confusion

Database specific 
{
    "iocs": {
        "domains": [
            "byted-dast.com"
        ]
    },
    "malicious-packages-origins": [
        {
            "modified_time": "2024-12-09T06:50:16Z",
            "id": "RLMA-2024-11045",
            "import_time": "2024-12-09T14:38:43.859016398Z",
            "versions": [
                "94.6"
            ],
            "sha256": "28a014f47962bbde1298c16afcb96576de20b1938f241226b915eb544c922fc1",
            "source": "reversing-labs"
        },
        {
            "modified_time": "2024-11-06T18:46:10Z",
            "id": "pypi/2024-11-byted-dast/ferminet-with-ecp",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:56.043377772Z",
            "sha256": "fafbef969ae7d406279585afe7b2c345139985c6a994657e84970f098b503bca",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ]
        },
        {
            "modified_time": "2024-11-06T18:46:10Z",
            "id": "pypi/2024-11-byted-dast/ferminet-with-ecp",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:19.234575636Z",
            "sha256": "ee00c3ebd9a9dd393b6184c63072d81baa2ae968a831319453996dcf03d47999",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ]
        },
        {
            "modified_time": "2024-11-06T18:46:10Z",
            "id": "pypi/2024-11-byted-dast/ferminet-with-ecp",
            "import_time": "2025-12-10T21:38:58.378798933Z",
            "versions": [
                "94.6"
            ],
            "sha256": "fabff0f1dc57aa653b33edead7105fbc968d132f9a921b21e2dd8c055560be91",
            "source": "kam193"
        },
        {
            "modified_time": "2026-03-18T12:13:49Z",
            "id": "RLUA-2026-00320",
            "import_time": "2026-03-19T12:19:45.214451687Z",
            "sha256": "f1826b03f1794efeddfceefa6e39ea828f8af147bb1c1b8f402fd732135e7d85",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / ferminet-with-ecp

Package

Name
ferminet-with-ecp
View open source insights on deps.dev
Purl
pkg:pypi/ferminet-with-ecp

Affected ranges

Affected versions

94.*
94.6

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ferminet-with-ecp/MAL-2024-11594.json"