MAL-2025-192683
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ai-cypher/MAL-2025-192683.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2025-192683
- Published
- 2025-12-21T01:10:53Z
- Modified
- 2025-12-21T19:50:59.627178Z
- Summary
- Malicious code in ai-cypher (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d)
The compiled native extension hides the code that during import exfiltrates sensitive Telegram files.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-ai-cypher
Reasons (based on the campaign):
exfiltration-credentials
target:telegram
native-extension
- Database specific
{ "malicious-packages-origins": [ { "sha256": "5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d", "import_time": "2025-12-21T01:36:03.632574518Z", "id": "pypi/2025-12-ai-cypher/ai-cypher", "modified_time": "2025-12-21T01:10:53.707349Z", "source": "kam193", "versions": [ "0.1.0" ] }, { "sha256": "9de254a4cdc670cee76e5c49607884a99d31121b414e16e87be441163c0c114f", "import_time": "2025-12-21T02:45:58.90139647Z", "id": "pypi/2025-12-ai-cypher/ai-cypher", "modified_time": "2025-12-21T01:10:53.707349Z", "source": "kam193", "versions": [ "0.1.0" ] }, { "sha256": "7c88a021ffc1e8d7e717f4c1fdce1017fcb18af9f5581961f75c8d2b0145d10b", "import_time": "2025-12-21T19:35:11.356001579Z", "id": "pypi/2025-12-ai-cypher/ai-cypher", "modified_time": "2025-12-21T18:49:38.635802Z", "source": "kam193", "versions": [ "0.1.0", "0.2.0" ] } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193) - ANALYST
-
- Kamil Mańkowski (kam193) - REPORTER
-
Affected packages
PyPI / ai-cypher
Package
- Name
- ai-cypher
- View open source insights on deps.dev
- Purl
- pkg:pypi/ai-cypher