MAL-2025-192953

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiogram-types-v3/MAL-2025-192953.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2025-192953

Published

2025-12-28T01:44:36Z

Modified

2025-12-28T20:16:44.503893Z

Summary

Malicious code in aiogram-types-v3 (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (f6ba04e944f1dfda1aaa2d571fa79cd8ce4074a106bae228e582473226810baf)

During installation or importing the module, the package starts a reverse shell to hardcoded locatiom

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-aiogram-sever-patch

Reasons (based on the campaign):

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package overrides the install command in setup.py to execute malicious code during installation.
dependency-confusion

Database specific

{
    "malicious-packages-origins": [
        {
            "versions": [
                "3.0.1"
            ],
            "modified_time": "2025-12-28T01:44:36.367779Z",
            "id": "pypi/2025-12-aiogram-sever-patch/aiogram-types-v3",
            "source": "kam193",
            "sha256": "f6ba04e944f1dfda1aaa2d571fa79cd8ce4074a106bae228e582473226810baf",
            "import_time": "2025-12-28T02:51:24.382598089Z"
        },
        {
            "versions": [
                "3.0.1",
                "3.0.2",
                "3.0.5",
                "3.1.0",
                "3.1.5"
            ],
            "modified_time": "2025-12-28T17:55:37.689964Z",
            "id": "pypi/2025-12-aiogram-sever-patch/aiogram-types-v3",
            "source": "kam193",
            "sha256": "316e41d7996fbbce00672b313f1b120a2f308f2bc8a53f6b19eb0bd2c1029ac0",
            "import_time": "2025-12-28T18:09:33.818025525Z"
        },
        {
            "versions": [
                "3.0.1",
                "3.0.2",
                "3.0.5",
                "3.1.0",
                "3.1.5",
                "3.3.1",
                "3.4.0"
            ],
            "modified_time": "2025-12-28T18:53:54.171152Z",
            "id": "pypi/2025-12-aiogram-sever-patch/aiogram-types-v3",
            "source": "kam193",
            "sha256": "87996549737c8dd370e796339a3c31956da3de177920cbd16ab77f5d5d68afa2",
            "import_time": "2025-12-28T19:06:12.246580866Z"
        },
        {
            "versions": [
                "3.0.1",
                "3.0.2",
                "3.0.5",
                "3.1.0",
                "3.1.5",
                "3.3.1",
                "3.4.0",
                "3.9.7",
                "3.2.0",
                "4.2.0",
                "5.9.8",
                "3.9.8"
            ],
            "modified_time": "2025-12-28T19:40:03.129019Z",
            "id": "pypi/2025-12-aiogram-sever-patch/aiogram-types-v3",
            "source": "kam193",
            "sha256": "46554d260857f5bf6b1492bb29e90938ef28d557cef06c930d786a9a2ac0b0f9",
            "import_time": "2025-12-28T20:07:59.79231834Z"
        }
    ],
    "iocs": {
        "ips": [
            "147.45.124.42"
        ]
    }
}

References

https://bad-packages.kam193.eu/pypi/package/aiogram-types-v3

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / aiogram-types-v3

Package

Name: aiogram-types-v3; View open source insights on deps.dev
Purl: pkg:pypi/aiogram-types-v3

Affected ranges

Affected versions

3.*

3.0.1

3.0.2

3.0.5

3.1.0

3.1.5

3.2.0

3.3.1

3.4.0

3.9.7

3.9.8

4.*

4.2.0

5.*

5.9.8

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/aiogram-types-v3/MAL-2025-192953.json"